Vulnerabilities - Week 34

Each week, CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers.

The selection covers 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Ivanti Sentry / MobileIron Sentry
https://nvd.nist.gov/vuln/detail/CVE-2023-38035 (9.8)

Juniper Networks Junos OS SRX Series / EX Series J-Web
https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Securi… (9.8-5.3)

Jenkins (various plugins)
https://www.jenkins.io/security/advisory/2023-08-16/ (8.8-5.3)

Zimbra Collaboration Suite (ZCS)
https://wiki.zimbra.com/wiki/Security_Center (8.8)

Cisco Unified Communications Manager
https://nvd.nist.gov/vuln/detail/CVE-2023-20211 (8.1)

Cisco ThousandEyes Enterprise Agent Virtual Appliance
https://nvd.nist.gov/vuln/detail/CVE-2023-20224 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-20217 (5.5)

Cisco Secure Endpoint Connector (Windows / macOS / Linux) / Secure Endpoint Private Cloud (ClamAV)
https://nvd.nist.gov/vuln/detail/CVE-2023-20197 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-20212 (7.5)

OpenNMS Horizon / Meridian
https://nvd.nist.gov/vuln/detail/CVE-2023-40313 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-40315 (5.3)

Draytek Vigor2620
https://nvd.nist.gov/vuln/detail/CVE-2023-31447 (n/a)

Zoho ManageEngine ADManager Plus
https://nvd.nist.gov/vuln/detail/CVE-2023-31492 (n/a)

Medium

Cisco Expressway Series / TelePresence Video Communication Server (VCS)
https://nvd.nist.gov/vuln/detail/CVE-2023-20209 (6.5)

Cisco Identity Services Engine
https://nvd.nist.gov/vuln/detail/CVE-2023-20111 (6.5)

Cisco Intersight Private Virtual Appliance
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-20237 (4.3)

Cisco IP Phone 6800, 7800, and 8800 Series
https://nvd.nist.gov/vuln/detail/CVE-2023-20221 (6.5)

Fortinet FortiOS
https://nvd.nist.gov/vuln/detail/CVE-2023-29182 (6.4)

Cisco Integrated Management Controller (IMC)
https://nvd.nist.gov/vuln/detail/CVE-2023-20228 (6.1)

Devolutions Remote Desktop Manager Windows
https://devolutions.net/security/advisories/DEVO-2023-0015/ (5.7)

OpenShift-logging LokiStack
https://nvd.nist.gov/vuln/detail/CVE-2023-4456 (5.7)

Cisco Unified Contact Center Express (Unified CCX)
https://nvd.nist.gov/vuln/detail/CVE-2023-20232 (5.3)

Cisco Prime Infrastructure / Evolved Programmable Network Manager
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (4.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-20222 (4.8)

Cisco Unified Communications Manager (Unified CM) / Unified CM Session Management Edition (Unified CM SME) / Unified Communications Manager IM & Presence Service (Unified CM IM&P)
https://nvd.nist.gov/vuln/detail/CVE-2023-20242 (4.8)