Vulnerabilities - Week 28

Each week, CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers. This selection is distributed together with relevant news in the Mid of Week.

The low/medium/high rating is based on the CVSS 3.1 base score of the vulnerability: 0.0-3.9 is low, 4.0-6.9 is medium, 7.0-10.0 is high.
Vulnerabilities classified as low are not included in this overview.

High

Microsoft Windows
https://advisories.ncsc.nl/advisory?id=NCSC-2021-0609 (9.9-5.3)

Kaseya VSA
https://nvd.nist.gov/vuln/detail/CVE-2021-30116 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-30118 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-30201 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-30117 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-30121 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-30120 (7.5)

Fortinet FortiMail
https://nvd.nist.gov/vuln/detail/CVE-2021-24020 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-24007 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-22129 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-26100 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-26090 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-24015 (7.2)

ForgeRock Access Management
https://backstage.forgerock.com/knowledge/kb/article/a47894244 (9.3)

SolarWinds Serv-U
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211 (9.0)

Cisco Web Security Appliance (AsyncOS)
https://nvd.nist.gov/vuln/detail/CVE-2021-1359 (8.8)

Nextcloud Server
https://nvd.nist.gov/vuln/detail/CVE-2021-32688 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-32726 (7.1)

Cisco Adaptive Security Device Manager
https://nvd.nist.gov/vuln/detail/CVE-2021-1585 (8.1)

Nextcloud Talk
https://nvd.nist.gov/vuln/detail/CVE-2021-32689 (8.1)

Microsoft Windows Exchange
https://advisories.ncsc.nl/advisory?id=NCSC-2021-0608 (8.0-7.2)

Fortinet FortiClient MAC
https://nvd.nist.gov/vuln/detail/CVE-2021-26089 (7.8)

Microsoft Malware Protection Engine
https://advisories.ncsc.nl/advisory?id=NCSC-2021-0604 (7.8)

GitLab
https://nvd.nist.gov/vuln/detail/CVE-2021-22230 (7.2)

VMware ESXi / Cloud Foundation
https://nvd.nist.gov/vuln/detail/CVE-2021-21994 (7.0)

Citrix Virtual Apps and Desktop
https://support.citrix.com/article/CTX319750 (n/a)

Medium

VMware ThinApp
https://nvd.nist.gov/vuln/detail/CVE-2021-22000 (6.8)

Fortinet FortiMail
https://nvd.nist.gov/vuln/detail/CVE-2021-24013 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-26099 (4.9)

GitLab
https://nvd.nist.gov/vuln/detail/CVE-2021-22224 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-22227 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2021-22225 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2021-22231 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2021-22233 (4.3)

Fortinet FortiManager
https://www.fortiguard.com/psirt/FG-IR-20-194 (6.1)

Nextcloud Android Client
https://nvd.nist.gov/vuln/detail/CVE-2021-32727 (5.7)

PRTG
https://www.paessler.com/prtg/history/stable (5.5)

Kaseya VSA
https://nvd.nist.gov/vuln/detail/CVE-2021-30119 (5.4)

VMware ESXi / Cloud Foundation
https://nvd.nist.gov/vuln/detail/CVE-2021-21995 (5.3)

Nextcloud Server
https://nvd.nist.gov/vuln/detail/CVE-2021-32705 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2021-32703 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2021-32741 (5.3)

Cisco Identity Service Engine
https://nvd.nist.gov/vuln/detail/CVE-2021-1603 (4.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-1604 (4.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-1605 (4.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-1606 (4.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-1607 (4.8)

Nextcloud Text
https://nvd.nist.gov/vuln/detail/CVE-2021-32733 (4.8)

Nextcloud Mail
https://nvd.nist.gov/vuln/detail/CVE-2021-32707 (4.3)

OpenVPN
https://nvd.nist.gov/vuln/detail/CVE-2021-3547 (n/a)

PuTTY
https://nvd.nist.gov/vuln/detail/CVE-2021-36367 (n/a)

Are you a digital service provider and would you like to receive our complete Mid of Week? You can sign up by e-mail. Please state the e-mail address at which you wish to receive the Mid of Week.