Vulnerabilities - Week 32

Each week, CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

DrayTek Vigor Series Router

https://www.draytek.com/about/security-advisory/draytek-router-unauthenticated-remote-code-execution-vulnerability-(cve-2022-32548)/ (10.0)

BMC Track-It!

https://nvd.nist.gov/vuln/detail/CVE-2022-35865 (9.8)

Cisco Small Business RV160 / RV260 / RV340 / RV345 Series Routers

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR (9.8-8.3)

Microsoft Windows

https://advisories.ncsc.nl/advisory?id=NCSC-2022-0522 (9.8-5.3)

Vinchin Backup and Recovery

https://nvd.nist.gov/vuln/detail/CVE-2022-35866 (9.8)

Citrix Hypervisor

https://nvd.nist.gov/vuln/detail/CVE-2022-33745 (8.8)

Nextcloud Mail

https://nvd.nist.gov/vuln/detail/CVE-2022-31132 (8.3)

Microsoft Azure

https://advisories.ncsc.nl/advisory?id=NCSC-2022-0520 (8.1-4.4)

Microsoft Exchange Server

https://advisories.ncsc.nl/advisory?id=NCSC-2022-0523 (8.0-4.8)

F5 BIG-IP

https://nvd.nist.gov/vuln/detail/CVE-2022-34655 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-34862 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-32455 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-35240 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-35236 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-35272 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-34651 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-35735 (7.2)

APM

https://nvd.nist.gov/vuln/detail/CVE-2022-33203 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-35245 (7.5)

ASM / AWAF

https://support.f5.com/csp/article/K22251611 (n/a)

iControl REST

https://nvd.nist.gov/vuln/detail/CVE-2022-35243 (8.7)

https://nvd.nist.gov/vuln/detail/CVE-2022-35728 (8.1)

SSL Orchestrator

https://nvd.nist.gov/vuln/detail/CVE-2022-33203 (7.5)

Rsync

https://nvd.nist.gov/vuln/detail/CVE-2022-29154 (7.4)

Centreon

https://nvd.nist.gov/vuln/detail/CVE-2022-34871 (7.2)

VMware vRealize Operations

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31672 (7.2)

Medium

F5 BIG-IP

https://nvd.nist.gov/vuln/detail/CVE-2022-33962 (6.7)

https://nvd.nist.gov/vuln/detail/CVE-2022-34844 (5.9)

https://nvd.nist.gov/vuln/detail/CVE-2022-34865 (4.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-34851 (4.3)

APM

https://nvd.nist.gov/vuln/detail/CVE-2022-31473 (6.8)

DNS

https://nvd.nist.gov/vuln/detail/CVE-2022-33947 (5.4)

BMC Track-It!

https://nvd.nist.gov/vuln/detail/CVE-2022-35864 (6.5)

Centreon

https://nvd.nist.gov/vuln/detail/CVE-2022-34872 (6.5)

Cisco Unified Communications Manager

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-file-delete-N2VPmOnE (6.5)

F5 NGINX Instance Manager

https://nvd.nist.gov/vuln/detail/CVE-2022-35241 (6.5)

F5 NGINX Ingress Controller

https://nvd.nist.gov/vuln/detail/CVE-2022-30535 (6.5)

GitLab CE/EE

https://nvd.nist.gov/vuln/detail/CVE-2022-2512 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-2498 (6.4)

https://nvd.nist.gov/vuln/detail/CVE-2022-2326 (6.4)

https://nvd.nist.gov/vuln/detail/CVE-2022-2417 (6.2)

https://nvd.nist.gov/vuln/detail/CVE-2022-2501 (5.9)

https://nvd.nist.gov/vuln/detail/CVE-2022-2497 (5.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-2531 (5.3)

https://nvd.nist.gov/vuln/detail/CVE-2022-2539 (5.3)

https://nvd.nist.gov/vuln/detail/CVE-2022-2456 (4.9)

https://nvd.nist.gov/vuln/detail/CVE-2022-2500 (4.4)

https://nvd.nist.gov/vuln/detail/CVE-2022-2303 (4.3)

https://nvd.nist.gov/vuln/detail/CVE-2022-2095 (4.3)

Nextcloud Server

https://nvd.nist.gov/vuln/detail/CVE-2022-31118 (6.5)

VMware vRealize Operations

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31673 (6.5)

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31674 (6.5)

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31675 (5.6)

Cisco BroadWorks Application Delivery Platform

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-xbhfr4cD (6.1)

F5 BIG-IQ

https://nvd.nist.gov/vuln/detail/CVE-2022-34844 (5.9)

https://nvd.nist.gov/vuln/detail/CVE-2022-34851 (4.3)

VMware Workstation

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22983 (5.7)

Cisco Webex Meetings

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-frmhijck-kO3wmkuS (5.4-4.3)

Cisco Identity Services Engine

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-pwd-WH64AhQF (4.9)

Kaspersky VPN Secure Connection (Windows)

https://nvd.nist.gov/vuln/detail/CVE-2022-27535 (n/a)

OpenStack Nova (SR-IOV)

https://nvd.nist.gov/vuln/detail/CVE-2022-37394 (n/a)