Vulnerabilities - Week 28

Each week the CSIRT-DSP compiles a selection of vulnerabilities that the CSIRT-DSP has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses the CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Apache CloudStack
https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.2-4.18.2.1/ (9.8)

Microsoft Windows
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0279 (9.8-4.7)

Arista EOS (with OpenConfig)
https://www.arista.com/en/support/advisories-notices/security-advisory/19862-security-advisory-0099 (9.6)

Citrix NetScaler Console / SVM / Agent
https://support.citrix.com/article/CTX677998/netscaler-console-agent-and-svm-security-bulletin-for-cve20246235-and-cve20246236 (9.4-7.1)

Fortinet FortiAIOps
https://nvd.nist.gov/vuln/detail/CVE-2024-27784 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-27782 (8.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-27783 (7.6)
https://nvd.nist.gov/vuln/detail/CVE-2024-27785 (5.4)

Fortinet FortiExtender
https://www.fortiguard.com/psirt/FG-IR-23-459 (8.8)

Microsoft Azure
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0285 (8.8-6.4)

Citrix Virtual Apps and Desktops (Virtual Delivery Agent for Windows)
https://support.citrix.com/article/CTX678035/windows-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve20246151 (8.5)

Citrix Workspace app for Windows
https://support.citrix.com/article/CTX678036/citrix-workspace-app-for-windows-security-bulletin-cve20246286 (8.5)

Traefik
https://nvd.nist.gov/vuln/detail/CVE-2024-39321 (7.5)

Fortinet FortiADC
https://fortiguard.fortinet.com/psirt/FG-IR-22-298 (7.2)
https://fortiguard.fortinet.com/psirt/FG-IR-23-469 (4.8)
https://fortiguard.fortinet.com/psirt/FG-IR-23-480 (4.7)

WatchGuard Fireware OS
https://nvd.nist.gov/vuln/detail/CVE-2024-5974 (7.2)

Fortinet FortiWeb
https://fortiguard.fortinet.com/psirt/FG-IR-22-298 (7.2)
https://fortiguard.fortinet.com/psirt/FG-IR-22-326 (4.4)

NetScaler ADC / NetScaler Gateway
https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492 (7.1-5.1)

Zoom Apps for Windows
https://www.zoom.com/en/trust/security-bulletin/zsb-24019/ (7.1)

OpenSSH
https://nvd.nist.gov/vuln/detail/CVE-2024-6409 (7.0)

Fortinet FortiOS / FortiProxy
https://fortiguard.fortinet.com/psirt/FG-IR-23-485 (6.9)

NGINX Proxy Manager
https://nvd.nist.gov/vuln/detail/CVE-2024-39935 (n/a)

Medium

QEMU
https://nvd.nist.gov/vuln/detail/CVE-2024-6505 (6.8)

Zoom Workplace Apps / SDKs
https://www.zoom.com/en/trust/security-bulletin/zsb-24023/ (6.8)
https://www.zoom.com/en/trust/security-bulletin/zsb-24026/ (6.7)

Zoom Workplace App for Windows / Rooms App for Windows
https://www.zoom.com/en/trust/security-bulletin/zsb-24028/ (6.6)

Zoom Workplace Desktop App for macOS
https://www.zoom.com/en/trust/security-bulletin/zsb-24027/ (6.6)

OpenStack Cinder / Glance / Nova
https://nvd.nist.gov/vuln/detail/CVE-2024-32498 (6.5)

VMware Cloud Director Availability
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24557 (6.4)

NetApp SnapCenter
https://nvd.nist.gov/vuln/detail/CVE-2024-21993 (5.7)

389 Directory Server
https://nvd.nist.gov/vuln/detail/CVE-2024-6237 (5.3)

Zoom Workplace Desktop App for Windows
https://www.zoom.com/en/trust/security-bulletin/zsb-24024/ (5.5)

Zoom Apps / SDKs
https://www.zoom.com/en/trust/security-bulletin/zsb-24020/ (5.3)
https://www.zoom.com/en/trust/security-bulletin/zsb-24021/ (4.4)

IBM Cloud Pak for Business Automation
https://nvd.nist.gov/vuln/detail/CVE-2024-37528 (4.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-31897 (4.3)

Fortinet FortiWeb
https://nvd.nist.gov/vuln/detail/CVE-2024-33509 (4.8)

IBM FlashSystem
https://nvd.nist.gov/vuln/detail/CVE-2024-39723 (4.6)

Fortinet FortiPortal
https://nvd.nist.gov/vuln/detail/CVE-2024-21759 (4.3)

Exim
https://nvd.nist.gov/vuln/detail/CVE-2024-39929 (n/a)

Netbox
https://nvd.nist.gov/vuln/detail/CVE-2024-40726 (n/a)
through
https://nvd.nist.gov/vuln/detail/CVE-2024-40742 (n/a)

OpenVPN (Windows)
https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/ (n/a)