Vulnerabilities - Week 40

Each week the CSIRT-DSP compiles a selection of vulnerabilities that the CSIRT-DSP has assessed as relevant to digital service providers.

The selection covers 'Medium' and 'High' vulnerabilities. Severity is assessed using the CVSS 3.1 base scores where these are available. Where no score is available, this is indicated with 'n/a'.

Critical & High

Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (9.8-5.3)

Progress WS_FTP Server
https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnera… (9.6-5.3)

Acronis Cyber Protect 15 (Linux / macOS / Windows)
https://nvd.nist.gov/vuln/detail/CVE-2023-44152 (9.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-44154 (9.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-44206 (9.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-44157 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-44153 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-44155 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-44156 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-44158 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-44159 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-44160 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-44161 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-44207 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2023-44205 (5.3)

Cilium
https://nvd.nist.gov/vuln/detail/CVE-2023-39347 (9.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-41333 (8.1)

Cisco IOS XE Software Web UI
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (8.8)

GitLab CE/EE
https://nvd.nist.gov/vuln/detail/CVE-2023-5207 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-5106 (8.2)
https://nvd.nist.gov/vuln/detail/CVE-2023-3917 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-3413 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-3922 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-0989 (5.7)
https://nvd.nist.gov/vuln/detail/CVE-2023-3914 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-2233 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-3115 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-3920 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-3979 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-4532 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-5198 (4.3)

SonicWall NetExtender
https://nvd.nist.gov/vuln/detail/CVE-2023-44218 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-44217 (n/a)

Cisco DNA Center API
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (8.6)

Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (8.6)

Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers IPv6 Multicast
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (8.6)

Cisco IOS XE Software for Catalyst 3650 and Catalyst 3850 Series Switches
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (8.6)

Cisco IOS XE Software Layer 2 Tunneling Protocol
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (8.6)

F5 BIG-IP APM
https://nvd.nist.gov/vuln/detail/CVE-2023-43125 (8.2)
https://nvd.nist.gov/vuln/detail/CVE-2023-43124 (7.1)

Cisco IOS / IOS XE Software
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (8.0)

Dell SmartFabric Storage Software
https://www.dell.com/support/kbdoc/nl-nl/000218107/security-update-for-… (7.8-4.3)

Dell Data Protection Central
https://nvd.nist.gov/vuln/detail/CVE-2023-4129 (7.5)

Hashicorp Vault / Vault Enterprise
https://nvd.nist.gov/vuln/detail/CVE-2023-5077 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-3775 (4.9)

Devolutions Remote Desktop Manager
https://devolutions.net/security/advisories/DEVO-2023-0016/ (high)

Proxmox Backup Server / Mail Gateway
https://nvd.nist.gov/vuln/detail/CVE-2023-43320 (n/a)

Medium

Cisco IOS / IOS XE Software / Group Encrypted Transport VPN Software
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.6)

Symantec Protection Engine
https://nvd.nist.gov/vuln/detail/CVE-2023-23958 (6.5)

Cisco IOS XE Software for Wireless LAN Controllers (mDNS)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.1)

Cisco Wireless LAN Controller AireOS Software
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.1)

Cisco Catalyst 9100 Access Points
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (5.8)

OPNsense
https://nvd.nist.gov/vuln/detail/CVE-2023-44275 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2023-44276 (5.4)

Zoho ManageEngine ADManager Plus
https://nvd.nist.gov/vuln/detail/CVE-2023-41904 (5.4)

Hitachi Ops Center Common Services (Linux)
https://nvd.nist.gov/vuln/detail/CVE-2023-3967 (5.3)

Cisco Adaptive Security Appliance Software / Firepower Threat Defense Software Remote Access VPN
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (5.0)

Cisco Access Point Software
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (4.7)

Argo CD
https://nvd.nist.gov/vuln/detail/CVE-2023-40026 (4.3)

Cisco Catalyst SD-WAN Manager Web UI
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (4.3)