Vulnerabilities - Week 19

Each week, CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers.

The selection covers 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Aruba InstantOS / ArubaOS 10
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-006.txt (9.8-5.4)

Cisco SPA112 2-Port Phone Adapters
https://nvd.nist.gov/vuln/detail/CVE-2023-20126 (9.8)

GitLab CE/EE
https://nvd.nist.gov/vuln/detail/CVE-2023-2478 (9.6) 
https://nvd.nist.gov/vuln/detail/CVE-2023-1965 (6.8) 
https://nvd.nist.gov/vuln/detail/CVE-2023-2182 (6.8) 
https://nvd.nist.gov/vuln/detail/CVE-2023-0485 (6.5) 
https://nvd.nist.gov/vuln/detail/CVE-2023-2069 (6.4) 
https://nvd.nist.gov/vuln/detail/CVE-2023-1178 (5.7) 
https://nvd.nist.gov/vuln/detail/CVE-2023-0155 (5.4) 
https://nvd.nist.gov/vuln/detail/CVE-2023-1265 (5.4) 
https://nvd.nist.gov/vuln/detail/CVE-2023-0805 (4.9) 
https://nvd.nist.gov/vuln/detail/CVE-2023-1204 (n/a)

Cisco StarOS Software
https://nvd.nist.gov/vuln/detail/CVE-2023-20046 (8.8)

Elastic Kibana
https://nvd.nist.gov/vuln/detail/CVE-2023-31414 (8.2) 
https://nvd.nist.gov/vuln/detail/CVE-2023-31415 (8.2)

F5 NGINX Instance Manager / NGINX API Connectivity Manager / NGINX Security Monitoring
https://nvd.nist.gov/vuln/detail/CVE-2023-28656 (8.1) 
https://nvd.nist.gov/vuln/detail/CVE-2023-28724 (7.1)

OTRS
https://nvd.nist.gov/vuln/detail/CVE-2023-2534 (7.6)

F5 BIG-IP (all modules)
https://nvd.nist.gov/vuln/detail/CVE-2023-27378 (7.5) 
https://nvd.nist.gov/vuln/detail/CVE-2023-29163 (7.5) 
https://nvd.nist.gov/vuln/detail/CVE-2023-28406 (4.3)

Fortinet FortiOS / FortiProxy
https://nvd.nist.gov/vuln/detail/CVE-2023-22640 (7.5)

F5 BIG-IP Edge Client for Windows / Mac OS
https://nvd.nist.gov/vuln/detail/CVE-2023-24461 (7.4) 
https://nvd.nist.gov/vuln/detail/CVE-2023-22372 (5.9)

Dell Command Monitor
https://nvd.nist.gov/vuln/detail/CVE-2023-28068 (7.3)

F5 BIG-IP (DNS)
https://nvd.nist.gov/vuln/detail/CVE-2023-28742 (7.2)

Veritas InfoScale Operations Manager
https://nvd.nist.gov/vuln/detail/CVE-2023-32568 (7.2) 
https://nvd.nist.gov/vuln/detail/CVE-2023-32569 (7.2)

Zoho ManageEngine OPManager
https://nvd.nist.gov/vuln/detail/CVE-2023-31099 (high)

Medium

Dell VxRail
https://www.dell.com/support/kbdoc/nl-nl/000213011/dsa-2023-071-dell-vx… (6.7-4.7)

Fortinet FortiNAC-F / FortiNAC
https://nvd.nist.gov/vuln/detail/CVE-2023-26203 (6.7) 
https://nvd.nist.gov/vuln/detail/CVE-2023-22637 (6.5) 
https://nvd.nist.gov/vuln/detail/CVE-2022-45860 (5.3) 
https://nvd.nist.gov/vuln/detail/CVE-2022-43950 (4.3) 
https://nvd.nist.gov/vuln/detail/CVE-2022-45859 (4.1)

Fortinet FortiADC
https://nvd.nist.gov/vuln/detail/CVE-2023-27999 (7.8) 
https://nvd.nist.gov/vuln/detail/CVE-2023-27993 (6.0)

F5 BIG-IQ Centralized Management
https://nvd.nist.gov/vuln/detail/CVE-2023-29240 (5.4)

F5 BIG-IP (all modules) / BIG-IP Next SPK
https://nvd.nist.gov/vuln/detail/CVE-2023-24594 (5.3)

Cisco SDWAN vManage Software
https://nvd.nist.gov/vuln/detail/CVE-2023-20098 (4.4)

Fortinet FortiNAC
https://nvd.nist.gov/vuln/detail/CVE-2022-45858 (4.2)

IBM Cloud Pak System Suite
https://nvd.nist.gov/vuln/detail/CVE-2020-4914 (4.2)

Octopus Deploy
https://nvd.nist.gov/vuln/detail/CVE-2022-4008 (medium)