Vulnerabilities - Week 29

Each week, CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers.

The selection covers 'Medium' and 'High' vulnerabilities. The assessment uses the CVSS 3.1 base score where one is available; where none is available, this is indicated with 'n/a'. Where a single vendor advisory covers several CVEs, the range of scores across that advisory is given.
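The bulletin layout (a product line followed by one advisory URL per line with the score in parentheses) is regular enough to parse, and doing so turns the weekly list into something an asset owner can sort, deduplicate and match against an inventory. The script below is an added example, not CSIRT-DSP tooling: it reads an excerpt constructed in the bulletin's format, maps each score onto the CVSS v3.1 qualitative rating scale (Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0), treats score ranges from bundled vendor advisories by their highest value, keeps 'n/a' entries separate from low-scored ones, and flags CVE IDs listed more than once. The function and variable names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt in the bulletin's layout. A range such as 9.6-4.9 means one
# vendor advisory bundles several CVEs; 'n/a' means no CVSS 3.1 base score exists.
SAMPLE_BULLETIN = """\
Critical & High

Supermicro BMC
https://nvd.nist.gov/vuln/detail/CVE-2024-36435 (9.8)

Gitlab CE/EE
https://about.gitlab.com/releases/2024/07/10/patch-release-gitlab-17-1-… (9.6-4.9)

Zoom Workplace Apps / SDKs for Windows
https://nvd.nist.gov/vuln/detail/CVE-2024-27240 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-27240 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-27241 (5.3)

Medium

Xen
https://xenbits.xenproject.org/xsa/advisory-458.html (n/a)
"""

URL_LINE = re.compile(
    r"^(?P<url>https?://\S+)\s*\((?P<score>n/a|\d+(?:\.\d+)?(?:-\d+(?:\.\d+)?)?)\)\s*$"
)
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")
SECTION_HEADINGS = {"Critical & High", "Medium"}  # bucket headings, not products


@dataclass
class Entry:
    product: str
    url: str
    cve: Optional[str]   # None for vendor advisories that bundle several CVEs
    scores: tuple        # empty when the bulletin says n/a

    @property
    def max_score(self) -> Optional[float]:
        return max(self.scores) if self.scores else None


def severity(score: Optional[float]) -> str:
    """CVSS v3.1 qualitative rating scale; None (no score) stays 'n/a', not 'Low'."""
    if score is None:
        return "n/a"
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def parse_bulletin(text: str) -> list:
    """Turn the product/URL layout into Entry objects; a bare line names the product."""
    entries, product = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = URL_LINE.match(line)
        if m is None:
            if line not in SECTION_HEADINGS:
                product = line
            continue
        if product is None:
            raise ValueError(f"URL without a preceding product line: {line}")
        score_text = m.group("score")
        scores = () if score_text == "n/a" else tuple(float(s) for s in score_text.split("-"))
        cve = CVE_ID.search(m.group("url"))
        entries.append(Entry(product, m.group("url"), cve.group(0) if cve else None, scores))
    return entries


def duplicate_cves(entries: list) -> dict:
    """CVE IDs that appear more than once (a copy/paste slip that inflates the list)."""
    counts: dict = {}
    for e in entries:
        if e.cve:
            counts[e.cve] = counts.get(e.cve, 0) + 1
    return {cve: n for cve, n in counts.items() if n > 1}


def triage(entries: list, min_score: float = 7.0) -> list:
    """Unique entries scoring at least min_score, most severe first; unscored ones
    are appended rather than dropped, because 'n/a' means unknown, not harmless."""
    seen, unique = set(), []
    for e in entries:
        if e.url not in seen:
            seen.add(e.url)
            unique.append(e)
    scored = [e for e in unique if e.max_score is not None and e.max_score >= min_score]
    unscored = [e for e in unique if e.max_score is None]
    return sorted(scored, key=lambda e: e.max_score, reverse=True) + unscored


if __name__ == "__main__":
    parsed = parse_bulletin(SAMPLE_BULLETIN)
    for e in triage(parsed):
        print(f"{severity(e.max_score):8} {str(e.max_score):>5} {e.product:40} {e.cve or e.url}")
    for cve, n in duplicate_cves(parsed).items():
        print(f"duplicate: {cve} listed {n} times")
```

Ranking by the highest score in a range is deliberate: a bundled advisory such as the GitLab one contains a 9.6 fix, so it belongs with the critical items even though the same advisory also closes a 4.9 issue. Feed the script the full bulletin text instead of the excerpt and the duplicate check reports every CVE listed twice.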

Critical & High

Supermicro BMC
https://nvd.nist.gov/vuln/detail/CVE-2024-36435 (9.8)

Gitlab CE/EE
https://about.gitlab.com/releases/2024/07/10/patch-release-gitlab-17-1-… (9.6-4.9)

Citrix NetScaler Console / Agent / SDX (SVM)
https://support.citrix.com/s/article/CTX677998-netscaler-console-agent-… (9.4-7.1)

Symantec Privileged Access Management
https://nvd.nist.gov/vuln/detail/CVE-2024-38492 (9.4)
https://nvd.nist.gov/vuln/detail/CVE-2024-36456 (9.4)
https://nvd.nist.gov/vuln/detail/CVE-2024-36455 (9.4) 
https://nvd.nist.gov/vuln/detail/CVE-2024-38494 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2024-38491 (8.4)
https://nvd.nist.gov/vuln/detail/CVE-2024-38493 (6.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-36457 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2024-38495 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2024-38496 (5.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-36458 (5.1)

baramundi Management Server / Agent
https://www.baramundi.com/en-us/security-info/s-2024-01/ (9.0-7.8)

Juniper Networks Junos OS
https://nvd.nist.gov/vuln/detail/CVE-2024-39565 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-39530 (8.7)
MX240 / MX480 / MX960
https://nvd.nist.gov/vuln/detail/CVE-2024-39518 (8.7)
MX Series / MX304 / Junos OS Evolved on ACX Series / PTX Series
https://nvd.nist.gov/vuln/detail/CVE-2024-39542 (8.7)
SRX Series
https://nvd.nist.gov/vuln/detail/CVE-2024-39529 (8.7)
SRX Series / MX Series with SPC3
https://nvd.nist.gov/vuln/detail/CVE-2024-39551 (8.7)
https://nvd.nist.gov/vuln/detail/CVE-2024-39540 (8.7)
SRX Series / MX Series with SPC3 / NFX350
https://nvd.nist.gov/vuln/detail/CVE-2024-39545 (8.7)
MX Series with SPC3
https://nvd.nist.gov/vuln/detail/CVE-2024-39550 (7.1)
QFX5000 Series / EX4600 Series
https://nvd.nist.gov/vuln/detail/CVE-2024-39533 (6.9)
MX Series
https://nvd.nist.gov/vuln/detail/CVE-2024-39539 (6.0)
SRX4600 / SRX5000 Series
https://nvd.nist.gov/vuln/detail/CVE-2024-39561 (5.8)

Juniper Networks Junos OS Evolved
https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-J… (8.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-39546 (8.4) 
https://nvd.nist.gov/vuln/detail/CVE-2024-39559 (8.2)
https://nvd.nist.gov/vuln/detail/CVE-2024-39557 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-39548 (7.1) 
https://nvd.nist.gov/vuln/detail/CVE-2024-39512 (7.0)
https://nvd.nist.gov/vuln/detail/CVE-2024-39553 (6.9)
https://nvd.nist.gov/vuln/detail/CVE-2024-39537 (6.9)
https://nvd.nist.gov/vuln/detail/CVE-2024-39513 (6.8)
ACX7000 Series
https://nvd.nist.gov/vuln/detail/CVE-2024-39531 (8.7)
https://nvd.nist.gov/vuln/detail/CVE-2024-39519 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-39538 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-39535 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-39537 (6.0)

Juniper Networks Junos OS / OS Evolved
https://nvd.nist.gov/vuln/detail/CVE-2024-39555 (8.7)
https://nvd.nist.gov/vuln/detail/CVE-2024-39549 (8.7)
https://nvd.nist.gov/vuln/detail/CVE-2024-39560 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-39558 (7.1) 
https://nvd.nist.gov/vuln/detail/CVE-2024-39543 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-39541 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-39514 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-39528 (6.0)

VMware Aria Automation
https://support.broadcom.com/web/ecx/support-content-notification/-/ext… (8.5)

Hashicorp Vault / Vault Enterprise
https://nvd.nist.gov/vuln/detail/CVE-2024-6468 (7.5)

Suricata
https://nvd.nist.gov/vuln/detail/CVE-2024-38536 (7.5)

Atlassian Confluence Data Center / Server
https://nvd.nist.gov/vuln/detail/CVE-2024-21686 (7.3)

xrdp
https://nvd.nist.gov/vuln/detail/CVE-2024-39917 (7.2)

Citrix NetScaler ADC / NetScaler Gateway
https://support.citrix.com/s/article/CTX677944-netscaler-adc-and-netsca… (7.1-5.1)

Devolutions Remote Desktop Manager (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2024-6492 (7.1)

Zoom Workplace Apps / SDKs for Windows
https://nvd.nist.gov/vuln/detail/CVE-2024-27240 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-39819 (6.7)
https://nvd.nist.gov/vuln/detail/CVE-2024-27241 (5.3)

Palo Alto Networks Panorama
https://security.paloaltonetworks.com/CVE-2024-5911 (7.0)

Securepoint UTM
https://nvd.nist.gov/vuln/detail/CVE-2024-39340 (n/a)

Xen
https://xenbits.xenproject.org/xsa/advisory-458.html (n/a)
https://xenbits.xenproject.org/xsa/advisory-459.html (n/a)

Medium

Palo Alto Networks Cortex XDR Agent
https://nvd.nist.gov/vuln/detail/CVE-2024-5912 (6.8)

Cisco IOS XR Software
https://nvd.nist.gov/vuln/detail/CVE-2024-20456 (6.7)

OTRS 
https://nvd.nist.gov/vuln/detail/CVE-2024-6540 (5.7)
https://nvd.nist.gov/vuln/detail/CVE-2024-23794 (5.2)

Palo Alto Networks PAN-OS
https://security.paloaltonetworks.com/CVE-2024-5913 (5.4)
https://security.paloaltonetworks.com/CVE-2024-3596 (5.3)

Citrix Workspace app for HTML5
https://support.citrix.com/s/article/CTX678037-citrix-workspace-app-for… (5.3-4.8)

Citrix Provisioning
https://nvd.nist.gov/vuln/detail/CVE-2024-6150 (4.8)

Linux Kernel Netfilter
https://nvd.nist.gov/vuln/detail/CVE-2024-39503 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2024-39504 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2024-40993 (n/a)