Vulnerabilities - Week 18

Each week the CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where they are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Extreme Networks Avaya ERS 3500 / 3600 / 4900 / 5900
https://extremeportal.force.com/ExtrArticleDetail?an=000104247&q=CVE-2022-29860 (9.8)
https://extremeportal.force.com/ExtrArticleDetail?an=000104248&q=CVE-2022-29861 (9.8)

Aruba Networks Aruba 2530 / 2540 / 2920 / 2930F / 2930M / 3810 / 5400R Series Switches
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txt (9.1-9.0)

FreeRDP
https://nvd.nist.gov/vuln/detail/CVE-2022-24882 (9.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-24883 (7.4)

Cisco Adaptive Security Appliance
https://nvd.nist.gov/vuln/detail/CVE-2022-20759 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-20715 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2022-20745 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2022-20760 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2022-20737 (8.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-20742 (7.4)

Cisco Firepower Threat Defense
https://nvd.nist.gov/vuln/detail/CVE-2022-20759 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-20715 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2022-20745 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2022-20760 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2022-20757 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2022-20751 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2022-20746 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2022-20767 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2022-20742 (7.4)

Fortinet FortiClient
https://fortiguard.fortinet.com/psirt/FG-IR-21-154 (8.8)

Fortinet FortiIsolator
https://fortiguard.fortinet.com/psirt/FG-IR-21-040 (8.6)

Dell Unity / Unity VSA / Unity XT
https://www.dell.com/support/kbdoc/nl-nl/000199050/dsa-2022-021-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities (8.1-6.4)

SonicWall Global VPN Client
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0036 (7.7)

GitLab CE / EE
https://about.gitlab.com/releases/2022/05/02/security-release-gitlab-14-10-1-released/ (7.1-4.3)

Zoho ManageEngine Access Manager Plus / Password Manager Pro / PAM360
https://nvd.nist.gov/vuln/detail/CVE-2022-29081 (n/a)

Medium

Dell Client SupportAssist OS Recovery
https://www.dell.com/support/kbdoc/nl-nl/000198780/dsa-2022-102 (6.8)

Fortinet FortiNAC
https://fortiguard.fortinet.com/psirt/FG-IR-22-062 (6.8)

Fortinet FortiSOAR
https://fortiguard.fortinet.com/psirt/FG-IR-22-041 (6.8)

Cisco Firepower Management Center
https://nvd.nist.gov/vuln/detail/CVE-2022-20743 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-20740 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-20627 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2022-20628 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2022-20629 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2022-20744 (4.3)

Fortinet FortiOS
https://fortiguard.fortinet.com/psirt/FG-IR-21-147 (6.2)
https://fortiguard.fortinet.com/psirt/FG-IR-21-230 (6.0)
https://fortiguard.fortinet.com/psirt/FG-IR-21-239 (4.8)
https://fortiguard.fortinet.com/psirt/FG-IR-21-231 (4.1)

Fortinet FortiProxy
https://fortiguard.fortinet.com/psirt/FG-IR-21-230 (6.0)
https://fortiguard.fortinet.com/psirt/FG-IR-21-231 (4.1)

Cisco Firepower Threat Defense
https://nvd.nist.gov/vuln/detail/CVE-2022-20748 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-20729 (4.4)
https://nvd.nist.gov/vuln/detail/CVE-2022-20730 (4.0)

SonicWall SonicOS
https://nvd.nist.gov/vuln/detail/CVE-2022-22278 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-22275 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-22276 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-22277 (5.3)

Nextcloud Server
https://nvd.nist.gov/vuln/detail/CVE-2022-24888 (4.3)

Nextcloud Talk
https://nvd.nist.gov/vuln/detail/CVE-2022-24887 (4.3)

OpenSSL
https://nvd.nist.gov/vuln/detail/CVE-2022-1292 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-1343 (n/a)