Vulnerabilities - Week 46

Each week, the CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

GitLab CE/EE
https://nvd.nist.gov/vuln/detail/CVE-2022-3726 (9.0)
https://nvd.nist.gov/vuln/detail/CVE-2022-3285 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-3486 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-3280 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-3483 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2022-3265 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2022-3818 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-3793 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-2761 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-3819 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-3706 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-3413 (4.3)

Cisco Identity Services Engine
https://nvd.nist.gov/vuln/detail/CVE-2022-20956 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-20959 (5.4)

Cisco Firepower Threat Defense Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (8.6)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (6.5)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (5.8)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (5.3)

Cisco Adaptive Security Appliance Software / Firepower Threat Defense Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (8.6)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (7.7)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (7.7)
https://nvd.nist.gov/vuln/detail/CVE-2022-20745 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-20713 (6.1)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (5.8)

Cisco Firepower Management Center / Firepower Threat Defense Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (7.5)

Cisco FirePOWER Software for ASA FirePOWER Module / Firepower Management Center Software / NGIPS Software SNMP
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (7.5)

IBM Cloud Pak for Security
https://nvd.nist.gov/vuln/detail/CVE-2022-38385 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-38387 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-36776 (5.4)

Jenkins (various plugins)
https://www.jenkins.io/security/advisory/2022-11-15/ (n/a)

Sophos UTM
https://community.sophos.com/utm-firewall/b/blog/posts/utm-up2date-9-71… (n/a)

VMware Hyperic Agent (EOL, no updates)
https://nvd.nist.gov/vuln/detail/CVE-2022-38650 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-38651 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-38652 (n/a)

Zoho ManageEngine Mobile Device Manager Plus
https://nvd.nist.gov/vuln/detail/CVE-2022-41339 (n/a)

Zoho ManageEngine Password Manager Pro / PAM360 / Access Manager Plus
https://nvd.nist.gov/vuln/detail/CVE-2022-43671 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-43672 (n/a)

Zoho ManageEngine ServiceDesk Plus MSP / ManageEngine SupportCenter Plus
https://nvd.nist.gov/vuln/detail/CVE-2022-40773 (n/a)

Medium

Palo Alto Networks Cortex XSOAR
https://nvd.nist.gov/vuln/detail/CVE-2022-0031 (6.7)

Nextcloud Desktop Client
https://nvd.nist.gov/vuln/detail/CVE-2022-41882 (6.6)

Cisco Secure Firewall 3100 Series
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (6.4)

Cisco Firepower Management Center Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (6.3)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (5.3)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (4.8)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (4.3)

Cisco Firepower Threat Defense Software / Cisco FXOS Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (6.0)

Cisco Snort SMB2 Detection Engine
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (5.8)

IBM PowerVM Hypervisor
https://nvd.nist.gov/vuln/detail/CVE-2022-34331 (5.5)

HashiCorp Nomad / Nomad Enterprise
https://nvd.nist.gov/vuln/detail/CVE-2022-3866 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-3867 (4.3)

ownCloud Server Docker image
https://nvd.nist.gov/vuln/detail/CVE-2022-43679 (4.2)

ITRS OP5 Monitor
https://nvd.nist.gov/vuln/detail/CVE-2021-40272 (n/a)

Kubernetes
https://groups.google.com/g/kubernetes-security-announce/c/VyPOxF7CIbA (n/a)
https://groups.google.com/g/kubernetes-security-announce/c/iUd550j7kjA (n/a)