Vulnerabilities - Week 49

On a weekly basis, the CSIRT-DSP makes a selection of vulnerabilities that the CSIRT-DSP has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment is based on the CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

AMI MegaRAC Baseboard Management Controller (BMC)
https://nvd.nist.gov/vuln/detail/CVE-2022-40259 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-40242 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-2827 (7.5)

Cacti
https://nvd.nist.gov/vuln/detail/CVE-2022-46169 (9.8)

Veritas NetBackup Flex Scale
https://www.veritas.com/content/support/en_US/security/VTS22-019 (9.8-8.8)

Sophos Firewall
https://www.sophos.com/en-us/security-advisories/sophos-sa-20221201-sfo… (9.8-4.3)

Aruba ClearPass Policy Manager
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-020.txt (8.8-5.5)

Kubernetes Capsule
https://nvd.nist.gov/vuln/detail/CVE-2022-46167 (8.8)

Ubiquiti EdgeRouter
https://nvd.nist.gov/vuln/detail/CVE-2022-43553 (8.8)

FortiNet FortiOS
https://nvd.nist.gov/vuln/detail/CVE-2022-35843 (8.1)
https://nvd.nist.gov/vuln/detail/CVE-2022-40680 (4.0)

Ivanti Endpoint Manager Client
https://nvd.nist.gov/vuln/detail/CVE-2022-27773 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-35259 (7.5)

Ivanti Connect Secure (ICS) / Policy Secure (IPS)
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?… (7.5-6.5)

Xen
https://nvd.nist.gov/vuln/detail/CVE-2022-3643 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-42328 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-42329 (n/a)

Zimbra Collaboration (ZCS)
https://nvd.nist.gov/vuln/detail/CVE-2022-45912 (n/a)

Medium

Trellix Agent (TA) for Windows
https://nvd.nist.gov/vuln/detail/CVE-2022-3859 (6.7)

GitHub Enterprise Server
https://nvd.nist.gov/vuln/detail/CVE-2022-23737 (6.5)

VMware Tools for Windows
https://nvd.nist.gov/vuln/detail/CVE-2021-31693 (6.5)

Zabbix
https://nvd.nist.gov/vuln/detail/CVE-2022-43516 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-43515 (5.3)

Micro Focus NetIQ
https://nvd.nist.gov/vuln/detail/CVE-2022-38753 (6.3)

Fortinet FortiADC
https://nvd.nist.gov/vuln/detail/CVE-2022-33875 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2022-33876 (5.4)

NETGEAR Nighthawk (RAX30 AX2400) routers
https://www.tenable.com/security/research/tra-2022-36 (5.3)

Nextcloud Server
https://nvd.nist.gov/vuln/detail/CVE-2022-41968 (5.3)

CrowdStrike Falcon
https://nvd.nist.gov/vuln/detail/CVE-2022-44721 (4.9)

Nextcloud Talk (Android)
https://nvd.nist.gov/vuln/detail/CVE-2022-41971 (4.8)

Zyxel ZyWALL/USG / VPN / USG FLEX / ATP
https://nvd.nist.gov/vuln/detail/CVE-2022-40603 (4.7)

Check Point IPSec VPN Software Blade
https://nvd.nist.gov/vuln/detail/CVE-2022-23746 (n/a)

Proxmox Virtual Environment (PVE) / Mail Gateway (PMG)
https://nvd.nist.gov/vuln/detail/CVE-2022-35507 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2022-35508 (n/a)