Vulnerabilities - Week 08

Each week, CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Cisco ClamAV

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (9.8)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (5.3)

Fortinet FortiNAC

https://nvd.nist.gov/vuln/detail/CVE-2022-39952 (9.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-38375 (9.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-40678 (7.4)

https://nvd.nist.gov/vuln/detail/CVE-2022-39954 (7.3)

https://nvd.nist.gov/vuln/detail/CVE-2022-40677 (7.3)

https://nvd.nist.gov/vuln/detail/CVE-2023-22638 (7.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-40675 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-38376 (6.1)

Fortinet FortiWeb

https://nvd.nist.gov/vuln/detail/CVE-2021-42756 (9.8)

https://nvd.nist.gov/vuln/detail/CVE-2021-42761 (9.0)

https://nvd.nist.gov/vuln/detail/CVE-2022-30303 (8.8)

https://nvd.nist.gov/vuln/detail/CVE-2023-23780 (8.0)

https://nvd.nist.gov/vuln/detail/CVE-2022-40683 (7.8)

https://nvd.nist.gov/vuln/detail/CVE-2023-23782 (7.8)

https://nvd.nist.gov/vuln/detail/CVE-2023-25602 (7.8)

https://nvd.nist.gov/vuln/detail/CVE-2023-23779 (6.8)

https://nvd.nist.gov/vuln/detail/CVE-2023-23783 (6.7)

https://nvd.nist.gov/vuln/detail/CVE-2022-30306 (6.6)

https://nvd.nist.gov/vuln/detail/CVE-2022-33871 (6.6)

https://nvd.nist.gov/vuln/detail/CVE-2022-30300 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2023-23781 (6.4)

https://nvd.nist.gov/vuln/detail/CVE-2023-23784 (5.7)

https://nvd.nist.gov/vuln/detail/CVE-2022-30299 (5.3)

https://nvd.nist.gov/vuln/detail/CVE-2023-23778 (4.9)

AMI MegaRAC SPX BMC

https://nvd.nist.gov/vuln/detail/CVE-2023-25191 (9.1)

https://nvd.nist.gov/vuln/detail/CVE-2023-25192 (5.3)

Tribe29 Checkmk

https://nvd.nist.gov/vuln/detail/CVE-2022-46836 (9.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-46303 (8.0)

https://nvd.nist.gov/vuln/detail/CVE-2022-47909 (6.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-48321 (6.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-48319 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-48317 (5.6)

https://nvd.nist.gov/vuln/detail/CVE-2022-48320 (5.4)

https://nvd.nist.gov/vuln/detail/CVE-2022-48318 (5.3)

VMware Carbon Black App Control

https://nvd.nist.gov/vuln/detail/CVE-2023-20858 (9.1)

Argo CD

https://nvd.nist.gov/vuln/detail/CVE-2023-23947 (9.1)

Fortinet FortiWAN

https://nvd.nist.gov/vuln/detail/CVE-2022-33869 (8.8)

Fortinet FortiOS

https://nvd.nist.gov/vuln/detail/CVE-2022-41334 (8.8)

Fortinet FortiOS / FortiProxy / FortiSwitchManager

https://nvd.nist.gov/vuln/detail/CVE-2022-41335 (8.8)

SolarWinds Platform

https://nvd.nist.gov/vuln/detail/CVE-2022-47503 (8.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-47504 (8.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-47506 (8.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-47507 (8.8)

https://nvd.nist.gov/vuln/detail/CVE-2023-23836 (8.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-38111 (7.2)

VMware vRealize Orchestrator

https://nvd.nist.gov/vuln/detail/CVE-2023-20855 (8.8)

Clam AntiVirus (ClamAV)

https://nvd.nist.gov/vuln/detail/CVE-2022-20803 (8.6)

Fortinet FortiADC

https://nvd.nist.gov/vuln/detail/CVE-2022-27482 (7.8)

Cisco Nexus Dashboard

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (7.5)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.1)

OpenBMC

https://nvd.nist.gov/vuln/detail/CVE-2022-35729 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-29494 (6.5)

SolarWinds Server & Application Monitor

https://nvd.nist.gov/vuln/detail/CVE-2022-47508 (7.5)

Fortinet FortiExtender

https://nvd.nist.gov/vuln/detail/CVE-2022-27489 (7.2)

Kubernetes MinIO

https://nvd.nist.gov/vuln/detail/CVE-2023-25812 (high)

Jenkins, various plugins

https://www.jenkins.io/security/advisory/2023-02-15/ (high-medium)

GitHub Enterprise Server

https://nvd.nist.gov/vuln/detail/CVE-2023-22380 (n/a)

Medium

Cisco Email Security Appliance / Secure Email and Web Manager

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.5)

HashiCorp Nomad / Nomad Enterprise

https://nvd.nist.gov/vuln/detail/CVE-2023-0821 (6.5)

IBM Security Verify Access

https://nvd.nist.gov/vuln/detail/CVE-2022-36775 (6.5)

containerd

https://nvd.nist.gov/vuln/detail/CVE-2023-25153 (6.2)

https://nvd.nist.gov/vuln/detail/CVE-2023-25173 (5.3)

Cisco Identity Services Engine

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.1)

Elastic Kibana

https://nvd.nist.gov/vuln/detail/CVE-2022-38779 (6.1)

Dell Secure Connect Gateway (SCG)

https://nvd.nist.gov/vuln/detail/CVE-2023-23695 (5.9)

Fortinet FortiSandbox

https://nvd.nist.gov/vuln/detail/CVE-2022-26115 (5.9)

Fortinet FortiOS / FortiProxy

https://nvd.nist.gov/vuln/detail/CVE-2022-39948 (4.8)

https://nvd.nist.gov/vuln/detail/CVE-2022-38378 (4.2)

https://nvd.nist.gov/vuln/detail/CVE-2022-42472 (4.2)

Fortinet FortiAnalyzer

https://nvd.nist.gov/vuln/detail/CVE-2022-30304 (4.3)

Fortinet FortiOS / FortiWeb / FortiProxy / FortiSwitch

https://nvd.nist.gov/vuln/detail/CVE-2021-43074 (4.3)

Fortinet FortiPortal

https://nvd.nist.gov/vuln/detail/CVE-2022-43954 (4.3)

Octopus Server

https://nvd.nist.gov/vuln/detail/CVE-2022-2883 (medium)

Knot Resolver

https://nvd.nist.gov/vuln/detail/CVE-2023-26249 (n/a)