Vulnerabilities - Week 37

Each week, the CSIRT-DSP makes a selection of vulnerabilities that the CSIRT-DSP has assessed as relevant to digital service providers. This selection is distributed together with relevant news in the Mid of Week.

The low/medium/high rating is based on the CVSS 3.1 base score of the vulnerability: 0.0-3.9 is low, 4.0-6.9 is medium, 7.0-10.0 is high.
Vulnerabilities classified as low are not included in this overview.

High

Microsoft Azure
https://advisories.ncsc.nl/advisory?id=NCSC-2021-0801 (9.8-4.4)

Nextcloud Server
https://nvd.nist.gov/vuln/detail/CVE-2021-32802 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-32800 (8.1)

Zoho ManageEngine ADSelfService Plus
https://nvd.nist.gov/vuln/detail/CVE-2021-40539 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-37423 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2021-37422 (n/a)

Microsoft Windows
https://advisories.ncsc.nl/advisory?id=NCSC-2021-0798 (8.8-5.5)

Fortinet FortiWeb
https://nvd.nist.gov/vuln/detail/CVE-2021-36179 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-36182 (8.8)

Cisco IOS XR
https://nvd.nist.gov/vuln/detail/CVE-2021-34720 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2021-34718 (8.1)
https://nvd.nist.gov/vuln/detail/CVE-2021-34719 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-34728 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-34713 (7.4)

Palo Alto Networks Cortex XSOAR
https://nvd.nist.gov/vuln/detail/CVE-2021-3051 (8.1)

HAProxy
https://nvd.nist.gov/vuln/detail/CVE-2021-40346 (7.5)

Palo Alto Networks PAN-OS
https://nvd.nist.gov/vuln/detail/CVE-2021-3053 (7.5)

Nextcloud components
Richdocuments:
https://nvd.nist.gov/vuln/detail/CVE-2021-37628 (7.5)

Dell EMC iDRAC9
https://www.dell.com/support/kbdoc/nl-nl/000191229/dsa-2021-177-dell-emc-idrac-security-update-for-multiple-security-vulnerabilities (7.1-5.9)

Zoho ManageEngine Desktop Central
https://nvd.nist.gov/vuln/detail/CVE-2021-37414 (n/a)

Citrix ShareFile Storage Zones Controller
https://support.citrix.com/article/CTX328123 (n/a)

Medium

Fortinet FortiClient Linux
https://www.fortiguard.com/psirt/FG-IR-20-241 (6.7)

Cisco IOS XR
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrbgp-rpki-dos-gvmjqxbk (6.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-34721 (6.7)
https://nvd.nist.gov/vuln/detail/CVE-2021-34722 (6.7)
https://nvd.nist.gov/vuln/detail/CVE-2021-34785 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-34786 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-34708 (6.0)
https://nvd.nist.gov/vuln/detail/CVE-2021-34709 (6.0)
https://nvd.nist.gov/vuln/detail/CVE-2021-34737 (5.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-34771 (5.5)

Palo Alto Networks PAN-OS
https://nvd.nist.gov/vuln/detail/CVE-2021-3054 (6.6)
https://nvd.nist.gov/vuln/detail/CVE-2021-3055 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-3052 (5.4)

Kubernetes kube-apiserver
https://nvd.nist.gov/vuln/detail/CVE-2021-25735 (6.5)

Nextcloud components
Circles:
https://nvd.nist.gov/vuln/detail/CVE-2021-37630 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-32782 (5.4)
Deck:
https://nvd.nist.gov/vuln/detail/CVE-2021-37631 (6.5)
Richdocuments:
https://nvd.nist.gov/vuln/detail/CVE-2021-37629 (5.3)
Text:
https://nvd.nist.gov/vuln/detail/CVE-2021-32766 (5.3)

Nextcloud Server
https://nvd.nist.gov/vuln/detail/CVE-2021-32801 (5.5)

Fortinet FortiManager
https://www.fortiguard.com/psirt/FG-IR-20-189 (5.4)

Fortinet FortiSandbox
https://nvd.nist.gov/vuln/detail/CVE-2020-29012 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2020-15939 (4.3)

Fortinet FortiOS
https://www.fortiguard.com/psirt/FG-IR-20-243 (4.9)
https://www.fortiguard.com/psirt/FG-IR-21-091 (4.0)

OpenStack Neutron
https://nvd.nist.gov/vuln/detail/CVE-2021-40797 (n/a)