Vulnerabilities - Week 44

Each week, CSIRT-DSP makes a selection of vulnerabilities that it has assessed as relevant to digital service providers. This selection is distributed together with relevant news in the Mid of Week.

The low/medium/high rating is based on the CVSS 3.1 base score of the vulnerability. 0.0-3.9 is low, 4.0-6.9 is medium, 7.0-10.0 is high.
Vulnerabilities classified as low do not appear in this overview.

High

HPE iLO Amplifier Pack
https://nvd.nist.gov/vuln/detail/CVE-2021-29212 (9.8)

Fortinet FortiWeb
https://nvd.nist.gov/vuln/detail/CVE-2021-36186 (8.8)

Cisco Adaptive Security Appliance (ASA) / Firepower Threat Defense (FTD)
https://nvd.nist.gov/vuln/detail/CVE-2021-34793 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2021-34756 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-34755 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-34754 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-34781 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-40118 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-40117 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-34783 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-34792 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-40116 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-40114 (7.5)

Cisco Firepower Management Center (FMC)
https://nvd.nist.gov/vuln/detail/CVE-2021-34762 (8.1)

Fortinet FortiClient (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2021-36183 (7.4)

Medium

Huawei CloudEngine (5800)
https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211103-01-privilege-en (6.7)

Cisco ASA / FTD
https://nvd.nist.gov/vuln/detail/CVE-2021-40125 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-34761 (6.0)
https://nvd.nist.gov/vuln/detail/CVE-2021-34794 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2021-34791 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2021-34790 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2021-34787 (5.3)

Fortinet FortiPortal
https://nvd.nist.gov/vuln/detail/CVE-2021-32595 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-36176 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2021-36174 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2021-36172 (4.3)

Fortinet FortiManager
https://nvd.nist.gov/vuln/detail/CVE-2021-26107 (6.3)

Cisco Firepower Management Center (FMC)
https://nvd.nist.gov/vuln/detail/CVE-2021-34764 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2021-34763 (4.8)

BIND
https://nvd.nist.gov/vuln/detail/CVE-2021-25219 (5.3)

Fortinet FortiWeb
https://nvd.nist.gov/vuln/detail/CVE-2021-36187 (5.3)

Fortinet FortiADC
https://nvd.nist.gov/vuln/detail/CVE-2020-15935 (4.3)

Fortinet FortiClientEMS
https://nvd.nist.gov/vuln/detail/CVE-2020-15940 (4.1)