Vulnerabilities - Week 41

Every week the CSIRT-DSP compiles a selection of vulnerabilities that the CSIRT-DSP has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The severity is taken from the CVSS 3.1 base score where one is available; where no score is available, this is indicated with 'n/a'. Where an advisory covers several vulnerabilities, the highest and lowest base scores are given as a range (for example 10.0-6.2). Note that a base score does not reflect whether a vulnerability is being exploited in the wild or how exposed a given deployment is, so the advisory itself should be consulted when prioritising patching.

Critical & High

Adobe Commerce / Magento

https://helpx.adobe.com/security/products/magento/apsb22-48.html (10.0)

Microsoft Azure

https://advisories.ncsc.nl/advisory?id=NCSC-2022-0636 (10.0-6.2)

Aruba EdgeConnect Enterprise Orchestrator

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-015.txt (9.8)

Fortinet FortiOS / FortiProxy / FortiSwitchManager

https://www.fortiguard.com/psirt/FG-IR-22-377 (9.6)

Fortinet FortiTester

https://www.fortiguard.com/psirt/FG-IR-22-237 (9.6)

https://www.fortiguard.com/psirt/FG-IR-22-244 (7.7)

https://www.fortiguard.com/psirt/FG-IR-22-247 (6.5)

VMware vCenter Server

https://nvd.nist.gov/vuln/detail/CVE-2022-31680 (9.1)

Trend Micro Apex One

https://success.trendmicro.com/dcx/s/solution/000291645 (9.1-6.7)

Fortinet FortiOS

https://nvd.nist.gov/vuln/detail/CVE-2021-44171 (9.0)

Cloud Mobility for Dell Storage

https://www.dell.com/support/kbdoc/nl-nl/000203352/dsa-2022-259-dell-container-storage-modules-security-update-for-multiple-vulnerabilities (8.8)

https://www.dell.com/support/kbdoc/nl-nl/000203434/dsa-2022-264-cloud-mobility-for-dell-storage-security-update-for-an-insecure-database-vulnerability (6.7)

Hitachi Storage Plug-in for VMware vCenter

https://nvd.nist.gov/vuln/detail/CVE-2022-2637 (8.8)

Microsoft Windows

https://advisories.ncsc.nl/advisory?id=NCSC-2022-0637 (8.8-4.3)

Microsoft SharePoint

https://nvd.nist.gov/vuln/detail/CVE-2022-38053 (8.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-41036 (8.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-41037 (8.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-41038 (8.8)

Cisco Enterprise NFV Infrastructure Software

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-ISV-BQrvEv2h (7.8)

Dell Enterprise SONiC OS

https://nvd.nist.gov/vuln/detail/CVE-2022-34425 (7.5)

lighttpd 1.4

https://nvd.nist.gov/vuln/detail/CVE-2022-41556 (7.5)

Traefik

https://nvd.nist.gov/vuln/detail/CVE-2022-39271 (7.5)

Cisco Expressway Series Software / TelePresence Video Communication Server

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6 (7.4)

Fortinet FortiOS / FortiProxy

https://www.fortiguard.com/psirt/FG-IR-22-086 (7.3)

Generex CS141

https://nvd.nist.gov/vuln/detail/CVE-2022-42457 (7.2)

Citrix Hypervisor / Xen

https://nvd.nist.gov/vuln/detail/CVE-2022-33746 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2022-33747 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2022-33748 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2022-33749 (n/a)

Medium

Cisco Touch 10 Devices

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-IVV-4A66Dsfj (6.8)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-DAV-HSvEHHEt (6.5)

Dell Wyse ThinOS

https://nvd.nist.gov/vuln/detail/CVE-2022-34402 (6.8)

ISC DHCP

https://nvd.nist.gov/vuln/detail/CVE-2022-2928 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-2929 (6.5)

VMware ESXi

https://nvd.nist.gov/vuln/detail/CVE-2022-31681 (6.5)

Centreon

https://nvd.nist.gov/vuln/detail/CVE-2022-39988 (5.4)

Cisco BroadWorks Hosted Thin Receptionist

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU (5.4)

Cisco Secure Web Appliance

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-bypass-bwBfugek (5.3)

Cisco ATA 190 Series Analog Telephone Adapter Software

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs (5.3)

Octopus Server

https://nvd.nist.gov/vuln/detail/CVE-2022-2781 (5.3)

https://nvd.nist.gov/vuln/detail/CVE-2022-2783 (5.3)

https://nvd.nist.gov/vuln/detail/CVE-2022-2720 (n/a)

VMware Aria Operations (formerly VMware vRealize Operations)

https://nvd.nist.gov/vuln/detail/CVE-2022-31682 (4.9)

Cisco Jabber Client Software

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-xmpp-Ne9SCM (4.3)

Cisco Smart Software Manager On-Prem

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv (4.3)

HashiCorp Nomad / Nomad Enterprise

https://nvd.nist.gov/vuln/detail/CVE-2022-41606 (n/a)