Vulnerabilities - Week 28

Each week the CSIRT-DSP compiles a selection of vulnerabilities that the CSIRT-DSP has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment is based on the CVSS 3.1 base scores where these are available. Where no score is available, this is indicated with 'n/a'.

Critical & High

Roxy-WI
https://nvd.nist.gov/vuln/detail/CVE-2022-31125 (10.0)
https://nvd.nist.gov/vuln/detail/CVE-2022-31126 (10.0)
https://nvd.nist.gov/vuln/detail/CVE-2022-31137 (10.0)

Cisco Expressway Series / TelePresence Video Communication Server
https://nvd.nist.gov/vuln/detail/CVE-2022-20812 (9.0)
https://nvd.nist.gov/vuln/detail/CVE-2022-20813 (7.4)

Microsoft Windows
https://advisories.ncsc.nl/advisory?id=NCSC-2022-0450 (8.8-4.7)

Microsoft Azure Site Recovery / Storage Library
https://advisories.ncsc.nl/advisory?id=NCSC-2022-0452 (8.3-4.9)

Kubernetes aws-iam-authenticator
https://nvd.nist.gov/vuln/detail/CVE-2022-2385 (8.1)

Symantec Advanced Secure Gateway / ProxySG
https://nvd.nist.gov/vuln/detail/CVE-2021-46825 (8.1)

Dell EMC Storage (Cloud Mobility)
https://nvd.nist.gov/vuln/detail/CVE-2022-33936 (8.0)

Dell PowerProtect Cyber Recovery
https://nvd.nist.gov/vuln/detail/CVE-2022-32481 (7.8)

Cisco Smart Software Manager (On-Prem)
https://nvd.nist.gov/vuln/detail/CVE-2022-20808 (7.7)

(Python) Openssh_key_parser
https://nvd.nist.gov/vuln/detail/CVE-2022-31124 (7.7)

OpenVPN Access Server
https://nvd.nist.gov/vuln/detail/CVE-2022-33737 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-33738 (n/a)

Veeam Management Pack 8.0 (for Microsoft System Center)
https://www.veeam.com/kb4338 (n/a)

Medium

Cisco Unified Communications Manager (UCM) / UCM Session Management Edition / UCM IM & Presence Service
https://nvd.nist.gov/vuln/detail/CVE-2022-20791 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-20859 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-20800 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-20815 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-20752 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-20862 (4.3)

Cisco Unity Connection
https://nvd.nist.gov/vuln/detail/CVE-2022-20859 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-20800 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-20752 (5.3)

KubeEdge
https://nvd.nist.gov/vuln/detail/CVE-2022-31073 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-31075 (4.9)
https://nvd.nist.gov/vuln/detail/CVE-2022-31074 (4.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-31078 (4.4)
https://nvd.nist.gov/vuln/detail/CVE-2022-31079 (4.4)
https://nvd.nist.gov/vuln/detail/CVE-2022-31080 (4.4)

VMWare ESXi / Cloud Foundation
https://www.vmware.com/security/advisories/VMSA-2022-0020.html (5.6)

Nextcloud Mail
https://nvd.nist.gov/vuln/detail/CVE-2022-31131 (5.4)

VMWare vCenter Server
https://www.vmware.com/security/advisories/VMSA-2022-0018.html (5.3)

Cisco TelePresence Collaboration Endpoint / RoomOS
https://nvd.nist.gov/vuln/detail/CVE-2022-20768 (4.9)

OpenVPN Access Server
https://nvd.nist.gov/vuln/detail/CVE-2021-4234 (n/a)

QEMU
https://nvd.nist.gov/vuln/detail/CVE-2022-35414 (n/a)

Xen Hypervisor
https://xenbits.xenproject.org/xsa/advisory-407.html (n/a)
https://support.citrix.com/article/CTX461397/citrix-hypervisor-security-bulletin-for-cve202223816-and-cve202223825