Vulnerabilities - Week 40

Every week the CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant for digital service providers.

The selection covers 'Medium' and 'High' vulnerabilities; the 'Critical & High' list below also includes entries rated 'Critical'. The severity is taken from the CVSS 3.1 base score where one is available (4.0-6.9 is Medium, 7.0-8.9 is High, 9.0-10.0 is Critical). The score is given in parentheses after each link; where a vendor advisory covers several vulnerabilities, the score range of that advisory is given, for example (9.8-4.8). Where no score is available, this is indicated with 'n/a'.

Critical & High

Aruba InstantOS and ArubaOS 10
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt (9.8-4.8)

Veritas NetBackup
https://www.veritas.com/content/support/en_US/security/VTS22-011 (9.0-8.0)

Microsoft Exchange
https://nvd.nist.gov/vuln/detail/CVE-2022-41040 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-41082 (8.8)

Open vSwitch (ovs)
https://nvd.nist.gov/vuln/detail/CVE-2022-32166 (8.8)

SolarWinds Orion Platform
https://nvd.nist.gov/vuln/detail/CVE-2022-36961 (8.8)

Cisco IOS XE Software
https://nvd.nist.gov/vuln/detail/CVE-2022-20848 (8.8)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-mpls-dos-Ab4OUL3 (8.6)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-KU9Z8kFX (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2022-20855 (7.9)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-6vpe-dos-tJBtf5Zv (7.4)

Cisco IOS XE Wireless Controller Software
https://nvd.nist.gov/vuln/detail/CVE-2022-20847 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2022-20856 (8.6)

Cisco IOS and IOS XE Software
https://nvd.nist.gov/vuln/detail/CVE-2022-20919 (8.6)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk (7.7)

Cisco SD-WAN Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF (7.8)

RealVNC VNC Server / VNC Viewer
https://nvd.nist.gov/vuln/detail/CVE-2022-41975 (7.8)

Trend Micro Deep Security 20 and Cloud One
https://nvd.nist.gov/vuln/detail/CVE-2022-40710 (7.8)

GitLab
https://about.gitlab.com/releases/2022/09/29/security-release-gitlab-15-4-1-released/ (7.5-4.3)

NetApp SnapCenter
https://nvd.nist.gov/vuln/detail/CVE-2022-38732 (7.5)

wolfSSL
https://nvd.nist.gov/vuln/detail/CVE-2022-39173 (7.5)

Dell SmartFabric OS10
https://www.dell.com/support/kbdoc/nl-nl/000202971/dsa-2022-135-dell-emc-smartfabric-os10-security-update-for-multiple-security-vulnerabilities (7.5-4.9)

Cisco Catalyst 9100 Series Access Points
https://nvd.nist.gov/vuln/detail/CVE-2022-20945 (7.4)

Cisco Wireless LAN Controller (WLC) AireOS Software
https://nvd.nist.gov/vuln/detail/CVE-2022-20769 (7.4)

Dell Hybrid Client
https://www.dell.com/support/kbdoc/nl-nl/000203345/dsa-2022-260-dell-hybrid-client-security-update-for-multiple-vulnerabilities (7.3-5.0)

pfSense
https://nvd.nist.gov/vuln/detail/CVE-2022-42247 (n/a)

Medium

Cisco SD-WAN Software
https://nvd.nist.gov/vuln/detail/CVE-2022-20930 (6.7)

Cisco IOS XE Wireless Controller Software
https://nvd.nist.gov/vuln/detail/CVE-2022-20810 (6.5)

Cisco Secure Web Appliance
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8 (6.3)

SolarWinds Orion Platform
https://nvd.nist.gov/vuln/detail/CVE-2022-36965 (6.1)

ovirt-engine
https://nvd.nist.gov/vuln/detail/CVE-2022-3193 (6.1)

Cisco Duo for macOS
https://nvd.nist.gov/vuln/detail/CVE-2022-20662 (6.1)

Cisco IOS XE Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cat-verify-D4NEQA6q (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-20851 (5.5)

Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software
https://nvd.nist.gov/vuln/detail/CVE-2022-20850 (5.5)

Veritas NetBackup
https://www.veritas.com/content/support/en_US/security/VTS22-013 (5.4-4.3)
https://www.veritas.com/content/support/en_US/security/VTS22-012 (5.3)

Cisco vManage
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-avc-NddSGB8 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-20844 (5.3)

ConnectWise Control (formerly ScreenConnect)
https://nvd.nist.gov/vuln/detail/CVE-2022-36781 (5.3)

Elastic Cloud Enterprise
https://nvd.nist.gov/vuln/detail/CVE-2022-23716 (5.3)

Cisco Access Points
https://nvd.nist.gov/vuln/detail/CVE-2022-20728 (4.7)

Cisco IOS XE ROM Monitor Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-info-disc-nrORXjO (4.6)

Octopus Deploy
https://nvd.nist.gov/vuln/detail/CVE-2022-2760 (4.3)