Vulnerabilities - Week 29

Every week, the CSIRT-DSP compiles a selection of vulnerabilities that the CSIRT-DSP has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment is based on the CVSS 3.1 base scores where these are available. Where no score is available, this is indicated with 'n/a'.

Critical & High

Citrix (Netscaler) ADC / Gateway
https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467 (9.8-8.0)

SonicWall GMS & Analytics
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010 (9.8-4.9)

Cisco SD-WAN vManage
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-unauthapi-sphCLYPA (9.1)

VMware Tanzu Spring Security
https://spring.io/security/cve-2023-34034 (9.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-34035 (7.3)

Hitachi Device Manager (Windows / Linux)
https://nvd.nist.gov/vuln/detail/CVE-2023-34142 (9.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-34143 (5.6)

Jenkins (various plugins)
https://www.jenkins.io/security/advisory/2023-07-12/ (8.8-3.1)

Zyxel ATP series / USG Flex series / VPN
https://nvd.nist.gov/vuln/detail/CVE-2023-28767 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-34139 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-33012 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-33011 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-34141 (8.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-34138 (8.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-34140 (6.5)

Atlassian Confluence Datacenter & Server
https://nvd.nist.gov/vuln/detail/CVE-2023-22508 (8.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-22505 (8.0)

Oracle VM VirtualBox
https://nvd.nist.gov/vuln/detail/CVE-2023-22018 (8.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-22017 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-22016 (4.2)

Envoy
https://nvd.nist.gov/vuln/detail/CVE-2023-35945 (7.5)

Juniper Networks
Junos OS / Junos OS Evolved
https://nvd.nist.gov/vuln/detail/CVE-2023-36849 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-36840 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-36836 (4.7)
MX Series
https://nvd.nist.gov/vuln/detail/CVE-2023-28985 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-36832 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-36850 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-36848 (6.5)
PTX Series
https://nvd.nist.gov/vuln/detail/CVE-2023-36833 (6.5)
SRX Series
https://nvd.nist.gov/vuln/detail/CVE-2023-28985 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-36831 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-36834 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-36838 (5.5)
QFX 10000 Series
https://nvd.nist.gov/vuln/detail/CVE-2023-36835 (7.5)

Redis
https://nvd.nist.gov/vuln/detail/CVE-2023-36824 (7.4)
https://nvd.nist.gov/vuln/detail/CVE-2022-24834 (7.0)

Hitachi Replication Manager
https://nvd.nist.gov/vuln/detail/CVE-2022-4146 (7.3)

Veritas InfoScale Operations Manager (VIOM)
https://nvd.nist.gov/vuln/detail/CVE-2023-38404 (7.2)

Medium

Hitachi Device Manager (Linux)
https://nvd.nist.gov/vuln/detail/CVE-2020-36695 (6.6)

IBM Spectrum Protect
https://nvd.nist.gov/vuln/detail/CVE-2023-33832 (6.2)

HCL BigFix
https://nvd.nist.gov/vuln/detail/CVE-2023-28021 (5.9)
https://nvd.nist.gov/vuln/detail/CVE-2023-28019 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-28023 (4.9)
https://nvd.nist.gov/vuln/detail/CVE-2023-28020 (4.7)

Palo Alto Networks PAN-OS
https://security.paloaltonetworks.com/CVE-2023-38046 (5.5)