Het CSIRT-DSP maakt op wekelijkse basis een selectie van kwetsbaarheden, waarbij het CSIRT-DSP de inschatting heeft gemaakt dat deze relevant zijn voor digitale dienstverleners.
Het betreft een selectie van 'Medium' en 'High' kwetsbaarheden. Voor de inschatting hiervan wordt er gebruik gemaakt van de CVSS 3.1 base scores indien deze beschikbaar zijn. Indien deze niet beschikbaar zijn, zal dit worden aangegeven met 'n/a'.
Critical & High
Microsoft Azure
https://www.ncsc.nl/actueel/advisory?id=NCSC-2023-0639 (9.6-4.7)
Fortinet FortiMail
https://www.fortiguard.com/psirt/FG-IR-23-439 (9.0)
Checkmk
https://nvd.nist.gov/vuln/detail/CVE-2023-31210 (8.8)
Fortinet FortiOS / FortiPAM
https://nvd.nist.gov/vuln/detail/CVE-2023-41678 (8.8)
Fortinet FortiPortal
https://nvd.nist.gov/vuln/detail/CVE-2023-48791 (8.8)
Fortinet FortiWAN
https://nvd.nist.gov/vuln/detail/CVE-2023-44252 (8.8)
Fortinet FortiWLM
https://nvd.nist.gov/vuln/detail/CVE-2023-48782 (8.8)
Microsoft Windows
https://www.ncsc.nl/actueel/advisory?id=NCSC-2023-0636 (8.8-5.5)
Fortinet FortiVoiceEnterprise / FortiSwitch / FortiMail / FortiRecorder / FortiNDR
https://nvd.nist.gov/vuln/detail/CVE-2022-27488 (8.3)
Elastic Kibana
https://nvd.nist.gov/vuln/detail/CVE-2023-46671 (8.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-46675 (8.0)
Jupyter JupyterHub
https://nvd.nist.gov/vuln/detail/CVE-2023-48311 (8.0)
VMware Photon
https://nvd.nist.gov/vuln/detail/CVE-2022-22942 (7.8)
HashiCorp Vault / Vault Enterprise
https://nvd.nist.gov/vuln/detail/CVE-2023-6337 (7.5)
Zoom Desktop Client for Windows / VDI Client for Windows / SDKs for Windows
https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/ (7.3)
Fortinet FortiProxy / FortiOS / FortiPAM
https://nvd.nist.gov/vuln/detail/CVE-2023-36639 (7.2)
Nextcloud Collabora Online
https://nvd.nist.gov/vuln/detail/CVE-2023-49788 (7.2)
https://nvd.nist.gov/vuln/detail/CVE-2023-49782 (7.1)
Fortinet FortiADC
https://nvd.nist.gov/vuln/detail/CVE-2023-41673 (7.1)
Zoom Mobile App for iOS / SDKs for iOS
https://www.zoom.com/en/trust/security-bulletin/ZSB-23058/ (7.1)
Supermicro Baseboard Management Controller BMC
https://www.supermicro.com/en/support/security_BMC_Dec_2023 (high)
Netgate pfSense Plus / pfSense CE
https://nvd.nist.gov/vuln/detail/CVE-2023-48123 (n/a)
Xen
https://xenbits.xenproject.org/xsa/advisory-447.html (n/a)
Medium
Elastic Beats / Agent
https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-sec… (6.8)
Fortinet FortiTester
https://nvd.nist.gov/vuln/detail/CVE-2023-40716 (6.7)
VMware Workspace ONE Launcher
https://nvd.nist.gov/vuln/detail/CVE-2023-34064 (6.3)
Red Hat Advanced Cluster Security (RHACS)
https://nvd.nist.gov/vuln/detail/CVE-2023-4958 (6.1)
Zoom Clients (alle)
https://www.zoom.com/en/trust/security-bulletin/ZSB-23062/ (5.4)
Fortinet FortiWeb
https://nvd.nist.gov/vuln/detail/CVE-2023-46713 (5.3)
Ubuntu Server (LXD)
https://nvd.nist.gov/vuln/detail/CVE-2023-5536 (5.0)
Zoom Mobile App for Android / Mobile App for iOS / Zoom SDK
https://www.zoom.com/en/trust/security-bulletin/ZSB-23056/ (4.9)
Devolutions Remote Desktop Manager (macOS)
https://nvd.nist.gov/vuln/detail/CVE-2023-6288 (4.8)
DrayTek Vigor167
https://nvd.nist.gov/vuln/detail/CVE-2023-47254 (medium)
Octopus Deploy
https://advisories.octopus.com/post/2023/sa2023-12/ (medium)
NETSCOUT Systems nGeniusONE
https://nvd.nist.gov/vuln/detail/CVE-2023-40300 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-40301 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-40302 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-41168 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-41169 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-41170 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-41171 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-41172 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-41905 (n/a)