Vulnerabilities - Week 40

On a weekly basis, CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Juniper Networks Junos OS / Junos OS Evolved
https://supportportal.juniper.net/s/article/2024-09-30-Out-of-Cycle-Sec… (9.2)

Cisco Crosswork Network Services Orchestrator (NSO) / ConfD
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (8.8)

Octopus Server
https://nvd.nist.gov/vuln/detail/CVE-2024-9194 (8.7)

Cisco Catalyst SD-WAN Routers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (8.6)

Cisco IOS / IOS XE Software
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (8.6)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.5)

Cisco IOS XE Software
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (8.6)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (8.6)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (8.6)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (8.6)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (8.1)

Grafana Agent
https://nvd.nist.gov/vuln/detail/CVE-2024-8996 (7.8)

Grafana Alloy
https://nvd.nist.gov/vuln/detail/CVE-2024-8975 (7.8)

Cisco Catalyst Center
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (7.5)

Dell SmartFabric OS10
https://www.dell.com/support/kbdoc/en-us/000228976/dsa-2024-274-securit… (7.5-7.1)

HashiCorp Vault / Vault Enterprise
https://nvd.nist.gov/vuln/detail/CVE-2024-7594 (7.5)

LibreNMS
https://nvd.nist.gov/vuln/detail/CVE-2024-47523 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-47525 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-47527 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-47524 (7.2)
https://nvd.nist.gov/vuln/detail/CVE-2024-47528 (5.1)

NGINX Proxy Manager
https://nvd.nist.gov/vuln/detail/CVE-2024-46256 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2024-46257 (n/a)

Medium

ownCloud
https://nvd.nist.gov/vuln/detail/CVE-2023-7273 (6.8)

Devolutions Server
https://nvd.nist.gov/vuln/detail/CVE-2024-6512 (6.5)

Cisco Catalyst SD-WAN Manager
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.4)

Cisco SD-WAN vEdge Software
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.1)

Cisco IOS Software on Cisco Industrial Ethernet Series Switches
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (5.8)

Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (5.8)

Devolutions Remote Desktop Manager
https://nvd.nist.gov/vuln/detail/CVE-2024-7421 (5.5)

Grafana
https://nvd.nist.gov/vuln/detail/CVE-2024-8118 (5.1)

Cisco IOS XE Software for Wireless Controllers (CWA)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (4.7)

Red Hat Buildah / Podman
https://nvd.nist.gov/vuln/detail/CVE-2024-9407 (4.7)

Arista Networks CloudVision Appliance (CVA)
https://www.arista.com/en/support/advisories-notices/security-advisory/… (4.6)

ovirt-engine
https://nvd.nist.gov/vuln/detail/CVE-2024-7259 (4.4)

Cisco Catalyst 9000 Series Switches
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (4.3)

Linux Kernel Netfilter
https://nvd.nist.gov/vuln/detail/CVE-2024-46855 (n/a)

Portainer
https://nvd.nist.gov/vuln/detail/CVE-2024-33662 (n/a)