Het CSIRT-DSP maakt op wekelijkse basis een selectie van kwetsbaarheden, waarbij het CSIRT-DSP de inschatting heeft gemaakt dat deze relevant zijn voor digitale dienstverleners.
Het betreft een selectie van 'Medium' en 'High' kwetsbaarheden. Voor de inschatting hiervan wordt er gebruik gemaakt van de CVSS 3.1 base scores indien deze beschikbaar zijn. Indien deze niet beschikbaar zijn, zal dit worden aangegeven met 'n/a'.
Critical & High
Veeam Backup for Google Cloud
https://www.veeam.com/kb4374 (10.0)
Centreon
https://nvd.nist.gov/vuln/detail/CVE-2022-3827 (9.8)
Citrix ADC / Gateway
https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-… (9.8-5.3)
Grafana
https://nvd.nist.gov/vuln/detail/CVE-2022-39328 (9.8)
https://github.com/grafana/grafana/security/advisories/GHSA-2x6g-h2hg-r… (6.4)
https://github.com/grafana/grafana/security/advisories/GHSA-3p62-42x7-g… (5.3)
Fortinet FortiADC
https://nvd.nist.gov/vuln/detail/CVE-2022-38381 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-38374 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-35851 (5.4)
Microsoft Azure
https://www.ncsc.nl/actueel/advisory?id=NCSC-2022-0707 (9.8-7.5)
Spring Security
https://nvd.nist.gov/vuln/detail/CVE-2022-31692 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-31690 (8.1)
VMware Workspace ONE Assist
https://www.vmware.com/security/advisories/VMSA-2022-0028.html (9.8)
Cisco BroadWorks CommPilot Application Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (8.8-6.5)
Cisco Email Security Appliance / Secure Email and Web Manager / Secure Web Appliance Next Generation Management
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (8.8-6.5)
Cisco Identity Services Engine
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (8.8)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (8.8)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (8.8)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (5.4)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (5.3)
Microsoft Exchange Server
https://www.ncsc.nl/actueel/advisory?id=NCSC-2022-0610 (8.8)
https://www.ncsc.nl/actueel/advisory?id=NCSC-2022-0704 (8.8-7.8)
Microsoft Windows
https://www.ncsc.nl/actueel/advisory?id=NCSC-2022-0702 (8.8-4.6)
Fortinet FortiClient / FortiMail / FortiOS AV engines
https://nvd.nist.gov/vuln/detail/CVE-2022-26122 (8.6)
Fortinet FortiOS
https://nvd.nist.gov/vuln/detail/CVE-2022-30307 (8.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-38380 (4.3)
Acronis Cyber Protect Home Office
https://nvd.nist.gov/vuln/detail/CVE-2022-44732 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-44733 (7.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-44745 (4.0)
Fortinet FortiSIEM
https://nvd.nist.gov/vuln/detail/CVE-2022-26119 (7.8)
Fortinet FortiTester
https://nvd.nist.gov/vuln/detail/CVE-2022-33870 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-38372 (6.7)
Cisco Email Security Appliance
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (7.5)
Fortinet FortiOS SSL-VPN
https://nvd.nist.gov/vuln/detail/CVE-2022-35842 (7.5)
Watchdog Antivirus
https://nvd.nist.gov/vuln/detail/CVE-2022-38582 (n/a)
Medium
Cisco Email Security Appliance / Secure Email and Web Manager / Cisco Secure Web Appliance
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (6.5)
Fortinet FortiMail
https://nvd.nist.gov/vuln/detail/CVE-2022-39945 (6.5)
Net-SNMP
https://nvd.nist.gov/vuln/detail/CVE-2022-44792 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-44793 (6.5)
Fortinet FortiClient for Mac
https://nvd.nist.gov/vuln/detail/CVE-2022-33878 (5.5)
Fortinet FortiEDR CollectorWindows
https://nvd.nist.gov/vuln/detail/CVE-2022-39949 (5.5)
Fortinet FortiSOAR
https://nvd.nist.gov/vuln/detail/CVE-2022-42473 (5.5)
Cisco Umbrella
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (5.4)
Fortinet FortiDeceptor
https://nvd.nist.gov/vuln/detail/CVE-2022-38373 (5.4)
GitLab CE/EE
https://nvd.nist.gov/vuln/detail/CVE-2022-2904 (5.4)
Fortinet FortiManager / FortiAnalyzer
https://nvd.nist.gov/vuln/detail/CVE-2022-39950 (5.4)
Cisco Email Security Appliance / Secure Email and Web Manager
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/c… (5.3)
QEMU SDHCI device
https://nvd.nist.gov/vuln/detail/CVE-2022-3872 (n/a)