Vulnerabilities - Week 16

Each week, CSIRT-DSP compiles a selection of vulnerabilities that it has assessed to be relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

vm2
https://nvd.nist.gov/vuln/detail/CVE-2023-29199 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-30547 (9.8)

SecurePoint UTM
https://nvd.nist.gov/vuln/detail/CVE-2023-22620 (9.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-22897 (6.5)

SolarWinds Platform
https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36… (8.8)
https://www.solarwinds.com/trust-center/security-advisories/cve-2022-47… (7.8)
https://www.solarwinds.com/trust-center/security-advisories/cve-2022-47… (4.3)

Tribe29 Checkmk
https://nvd.nist.gov/vuln/detail/CVE-2023-22294 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-22307 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-2020 (4.3)

Juniper Networks Junos OS Evolved
https://nvd.nist.gov/vuln/detail/CVE-2023-28983 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-28960 (8.2)
https://nvd.nist.gov/vuln/detail/CVE-2023-28966 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-28973 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-28978 (5.3)

Oracle VM VirtualBox
https://nvd.nist.gov/vuln/detail/CVE-2023-21990 (8.2)
https://nvd.nist.gov/vuln/detail/CVE-2023-21987 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-21989 (6.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-22002 (6.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-21998 (4.6)
https://nvd.nist.gov/vuln/detail/CVE-2023-22000 (4.6)
https://nvd.nist.gov/vuln/detail/CVE-2023-22001 (4.6)
https://nvd.nist.gov/vuln/detail/CVE-2023-21997 (4.3)

HPE OneView
https://nvd.nist.gov/vuln/detail/CVE-2023-28091 (7.9)

Juniper Networks Junos OS / Junos OS Evolved
https://nvd.nist.gov/vuln/detail/CVE-2023-28964 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-28967 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-28982 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-28981 (6.5)

Traefik
https://nvd.nist.gov/vuln/detail/CVE-2023-29013 (7.5)

Juniper Networks Junos OS
https://nvd.nist.gov/vuln/detail/CVE-2023-28974 (7.4)
https://nvd.nist.gov/vuln/detail/CVE-2023-1697 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-28965 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-28962 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-28963 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-28984 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-28979 (4.7)
https://nvd.nist.gov/vuln/detail/CVE-2023-28975 (4.6)
MX Series
https://nvd.nist.gov/vuln/detail/CVE-2023-28976 (7.5)
NFX Series
https://nvd.nist.gov/vuln/detail/CVE-2023-28972 (6.8)
JRR200
https://nvd.nist.gov/vuln/detail/CVE-2023-28970 (6.5)
QFX10002
https://nvd.nist.gov/vuln/detail/CVE-2023-28959 (6.5)
ACX Series
https://nvd.nist.gov/vuln/detail/CVE-2023-28961 (5.8)
SRX Series
https://nvd.nist.gov/vuln/detail/CVE-2023-28968 (5.3)

Cilium
https://nvd.nist.gov/vuln/detail/CVE-2023-29002 (7.2)

Juniper Networks Paragon Active Assurance (PAA)
https://nvd.nist.gov/vuln/detail/CVE-2023-28971 (7.2)

Jenkins (various plugins)
https://www.jenkins.io/security/advisory/2023-04-12/ (high-medium)

Medium

Qualys Cloud Agent
https://nvd.nist.gov/vuln/detail/CVE-2023-28140 (6.7)
https://nvd.nist.gov/vuln/detail/CVE-2023-28141 (6.7)
https://nvd.nist.gov/vuln/detail/CVE-2023-28142 (6.7)
https://nvd.nist.gov/vuln/detail/CVE-2023-28143 (6.7)

Nextcloud Server / Server Enterprise
https://nvd.nist.gov/vuln/detail/CVE-2023-30539 (6.5)

Palo Alto Networks PAN-OS
https://nvd.nist.gov/vuln/detail/CVE-2023-0004 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-0005 (4.1)

Palo Alto Networks GlobalProtect
https://nvd.nist.gov/vuln/detail/CVE-2023-0006 (6.3)

Redis
https://nvd.nist.gov/vuln/detail/CVE-2023-28856 (5.5)