Vulnerabilities - Week 45

Each week the CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Cisco Firepower Management Center (FMC) Software
https://nvd.nist.gov/vuln/detail/CVE-2023-20048 (9.9)
https://nvd.nist.gov/vuln/detail/CVE-2023-20155 (7.5)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (7.2)
https://nvd.nist.gov/vuln/detail/CVE-2023-20114 (6.5)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-20177 (4.0)

Veeam ONE
https://www.veeam.com/kb4508 (9.9-4.3)

Progress WS_FTP Server
https://nvd.nist.gov/vuln/detail/CVE-2023-42659 (9.1)

Cisco Identity Services Engine (ISE)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (8.8-6.0)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (4.7-4.3)

Devolutions Server / Remote Desktop Manager Windows
https://devolutions.net/security/advisories/DEVO-2023-0019/ (8.8-4.3)

Cisco Adaptive Security Appliance (ASA) Software / Firepower Threat Defense (FTD) Software
https://nvd.nist.gov/vuln/detail/CVE-2023-20086 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2023-20095 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2023-20042 (6.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-20264 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-20247 (5.0)

Cisco Firepower Threat Defense (FTD) Software
https://nvd.nist.gov/vuln/detail/CVE-2023-20083 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2023-20270 (5.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-20031 (4.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-20070 (4.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-20267 (4.0)

Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Firewalls
https://nvd.nist.gov/vuln/detail/CVE-2023-20244 (8.6)

Cisco Firepower Threat Defense (FTD) Software / Firepower Management Center (FMC) Software
https://nvd.nist.gov/vuln/detail/CVE-2023-20063 (8.2)

Red Hat OpenShift Container Platform
https://nvd.nist.gov/vuln/detail/CVE-2023-5408 (8.2)

SolarWinds Network Configuration Manager
https://nvd.nist.gov/vuln/detail/CVE-2023-33226 (8.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-33227 (8.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-33228 (4.5)

SolarWinds Platform
https://nvd.nist.gov/vuln/detail/CVE-2023-40062 (8.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-40061 (7.1)

Trend Micro Apex One / Apex One as a Service
https://success.trendmicro.com/dcx/s/solution/000295652 (7.8)

Open-Xchange App Suite
https://nvd.nist.gov/vuln/detail/CVE-2023-26452 (7.6)
https://nvd.nist.gov/vuln/detail/CVE-2023-26453 (7.6)
https://nvd.nist.gov/vuln/detail/CVE-2023-26454 (7.6)
https://nvd.nist.gov/vuln/detail/CVE-2023-29043 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-26455 (5.6)
https://nvd.nist.gov/vuln/detail/CVE-2023-26456 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2023-29044 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2023-29045 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2023-29047 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-29046 (4.3)

Medium

Puppet Enterprise
https://nvd.nist.gov/vuln/detail/CVE-2023-5309 (6.8)

Zoho ManageEngine Desktop Central
https://nvd.nist.gov/vuln/detail/CVE-2023-4769 (6.6)
https://nvd.nist.gov/vuln/detail/CVE-2023-4767 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-4768 (6.1)

Dell PowerScale OneFS
https://www.dell.com/support/kbdoc/en-us/000218934/powerscale-onefs-sec… (6.5-4.3)

Proofpoint Enterprise Protection
https://nvd.nist.gov/vuln/detail/CVE-2023-5771 (6.1)

Cisco Adaptive Security Appliance Software / Firepower Threat Defense Software
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (5.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-20246 (5.8)

Cisco FirePOWER Services / Firepower Threat Defense Products / Cisco IOS XE Software / Cisco IOS XE SD-WAN Software / Open Source Snort
https://nvd.nist.gov/vuln/detail/CVE-2023-20071 (5.8)

Zyxel GS1900 Series switches
https://nvd.nist.gov/vuln/detail/CVE-2023-35140 (5.5)

Cisco Meeting Server
https://nvd.nist.gov/vuln/detail/CVE-2023-20255 (5.3)

Kubernetes Capsule
https://nvd.nist.gov/vuln/detail/CVE-2023-46254 (4.3)

UrBackup Server
https://nvd.nist.gov/vuln/detail/CVE-2023-47102 (n/a)