Vulnerabilities - Week 32

Each week the CSIRT-DSP makes a selection of vulnerabilities that the CSIRT-DSP has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses the CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Draytek Vigor Series Router
https://www.draytek.com/about/security-advisory/draytek-router-unauthenticated-remote-code-execution-vulnerability-(cve-2022-32548)/ (10.0)

BMC Track-It!
https://nvd.nist.gov/vuln/detail/CVE-2022-35865 (9.8)

Cisco Small Business RV160 / RV260 / RV340 / RV345 Series Routers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR (9.8-8.3)

Microsoft Windows
https://advisories.ncsc.nl/advisory?id=NCSC-2022-0522 (9.8-5.3)

Vinchin Backup and Recovery
https://nvd.nist.gov/vuln/detail/CVE-2022-35866 (9.8)

Citrix Hypervisor
https://nvd.nist.gov/vuln/detail/CVE-2022-33745 (8.8)

Nextcloud Mail
https://nvd.nist.gov/vuln/detail/CVE-2022-31132 (8.3)

Microsoft Azure
https://advisories.ncsc.nl/advisory?id=NCSC-2022-0520 (8.1-4.4)

Microsoft Exchange Server
https://advisories.ncsc.nl/advisory?id=NCSC-2022-0523 (8.0-4.8)

F5 BIG-IP
https://nvd.nist.gov/vuln/detail/CVE-2022-34655 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-34862 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-32455 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-35240 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-35236 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-35272 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-34651 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-35735 (7.2)
  APM
  https://nvd.nist.gov/vuln/detail/CVE-2022-33203 (7.5)
  https://nvd.nist.gov/vuln/detail/CVE-2022-35245 (7.5)
  ASM / AWAF
  https://support.f5.com/csp/article/K22251611 (n/a)
  iControl REST
  https://nvd.nist.gov/vuln/detail/CVE-2022-35243 (8.7)
  https://nvd.nist.gov/vuln/detail/CVE-2022-35728 (8.1)
  SSL Orchestrator
  https://nvd.nist.gov/vuln/detail/CVE-2022-33203 (7.5)

Rsync
https://nvd.nist.gov/vuln/detail/CVE-2022-29154 (7.4)

Centreon
https://nvd.nist.gov/vuln/detail/CVE-2022-34871 (7.2)

VMWare vRealize Operations
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31672 (7.2)

Medium

F5 BIG-IP
https://nvd.nist.gov/vuln/detail/CVE-2022-33962 (6.7)
https://nvd.nist.gov/vuln/detail/CVE-2022-34844 (5.9)
https://nvd.nist.gov/vuln/detail/CVE-2022-34865 (4.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-34851 (4.3)
  APM
  https://nvd.nist.gov/vuln/detail/CVE-2022-31473 (6.8)
  DNS
  https://nvd.nist.gov/vuln/detail/CVE-2022-33947 (5.4)

BMC Track-It!
https://nvd.nist.gov/vuln/detail/CVE-2022-35864 (6.5)

Centreon
https://nvd.nist.gov/vuln/detail/CVE-2022-34872 (6.5)

Cisco Unified Communications Manager
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-file-delete-N2VPmOnE (6.5)

F5 NGINX Instance Manager
https://nvd.nist.gov/vuln/detail/CVE-2022-35241 (6.5)

F5 NGINX Ingress Controller
https://nvd.nist.gov/vuln/detail/CVE-2022-30535 (6.5)

Gitlab CE/EE
https://nvd.nist.gov/vuln/detail/CVE-2022-2512 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-2498 (6.4)
https://nvd.nist.gov/vuln/detail/CVE-2022-2326 (6.4)
https://nvd.nist.gov/vuln/detail/CVE-2022-2417 (6.2)
https://nvd.nist.gov/vuln/detail/CVE-2022-2501 (5.9)
https://nvd.nist.gov/vuln/detail/CVE-2022-2497 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-2531 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-2539 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-2456 (4.9)
https://nvd.nist.gov/vuln/detail/CVE-2022-2500 (4.4)
https://nvd.nist.gov/vuln/detail/CVE-2022-2303 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-2095 (4.3)

Nextcloud Server
https://nvd.nist.gov/vuln/detail/CVE-2022-31118 (6.5)

VMWare vRealize Operations
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31673 (6.5)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31674 (6.5)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31675 (5.6)

Cisco BroadWorks Application Delivery Platform
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-xbhfr4cD (6.1)

F5 BIG-IQ
https://nvd.nist.gov/vuln/detail/CVE-2022-34844 (5.9)
https://nvd.nist.gov/vuln/detail/CVE-2022-34851 (4.3)

VMWare Workstation
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22983 (5.7)

Cisco Webex Meetings
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-frmhijck-kO3wmkuS (5.4-4.3)

Cisco Identity Services Engine
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-pwd-WH64AhQF (4.9)

Kaspersky VPN Secure Connection (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2022-27535 (n/a)

OpenStack Nova (SR-IOV)
https://nvd.nist.gov/vuln/detail/CVE-2022-37394 (n/a)