Het CSIRT-DSP maakt op wekelijkse basis een selectie van kwetsbaarheden, waarbij het CSIRT-DSP de inschatting heeft gemaakt dat deze relevant zijn voor digitale dienstverleners.
Het betreft een selectie van 'Medium' en 'High' kwetsbaarheden. Voor de inschatting hiervan wordt er gebruik gemaakt van de CVSS 3.1 base scores indien deze beschikbaar zijn. Indien deze niet beschikbaar zijn, zal dit worden aangegeven met 'n/a'.
Critical & High
Arista CloudVision Portal
https://www.arista.com/en/support/advisories-notices/security-advisory/… (10.0)
Cisco IP Phone 6800 / 7800 /7900 / 8800 Series
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (9.8)
Fortinet FortiOS / FortiProxy
https://www.fortiguard.com/psirt/FG-IR-23-001 (9.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-42476 (8.2)
https://nvd.nist.gov/vuln/detail/CVE-2022-45861 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-41329 (5.3)
Proofpoint Enterprise Protection (PPS/POD)
https://nvd.nist.gov/vuln/detail/CVE-2023-0089 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-0090 (8.1)
Fortinet FortiNAC
https://nvd.nist.gov/vuln/detail/CVE-2022-39953 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-40676 (7.1)
Dell NetWorker
https://www.dell.com/support/kbdoc/nl-nl/000210471/dsa-2023-058-dell-ne… (7.5)
Fortinet FortiRecorder
https://nvd.nist.gov/vuln/detail/CVE-2022-41333 (7.5)
Fortinet FortiSOAR
https://nvd.nist.gov/vuln/detail/CVE-2023-25605 (7.5)
NetApp StorageGRID (voorheen StorageGRID Webscale)
https://nvd.nist.gov/vuln/detail/CVE-2022-38734 (7.5)
Okta Advanced Server Access Client
https://nvd.nist.gov/vuln/detail/CVE-2023-0093 (7.5)
SonicWall SonicOS
https://nvd.nist.gov/vuln/detail/CVE-2023-0656 (7.5)
Veeam Backup & Replication
https://www.veeam.com/kb4424 (7.5)
Grafana
https://nvd.nist.gov/vuln/detail/CVE-2023-0507 (7.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-0594 (7.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-22462 (6.4)
Fortinet FortiWeb
https://nvd.nist.gov/vuln/detail/CVE-2022-39951 (7.2)
Barracuda CloudGen WAN Private Edge Gateway
https://nvd.nist.gov/vuln/detail/CVE-2023-26213 (high)
Medium
Fortinet FortiOS
https://nvd.nist.gov/vuln/detail/CVE-2022-41328 (6.7)
Cisco Unified Intelligence Center
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.5)
DrayTek Vigor 2960
https://nvd.nist.gov/vuln/detail/CVE-2023-1162 (6.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-1163 (4.3)
Cisco Webex App for Web
https://nvd.nist.gov/vuln/detail/CVE-2023-20104 (6.1)
Fortinet FortiWeb / FortiRecorder
https://nvd.nist.gov/vuln/detail/CVE-2022-22297 (5.5)
Redis
https://nvd.nist.gov/vuln/detail/CVE-2022-36021 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-25155 (5.5)
Sophos Connect
https://nvd.nist.gov/vuln/detail/CVE-2022-48310 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-48309 (4.3)
Cisco Prime Infrastructure / Evolved Programmable Network (EPN) Manager
https://nvd.nist.gov/vuln/detail/CVE-2023-20069 (5.4)
Fortinet FortiManager / FortiAnalyzer / FortiPortal / FortiSwitch
https://nvd.nist.gov/vuln/detail/CVE-2022-27490 (5.4)
Cisco Finesse Reverse Proxy VPN-less Access
https://nvd.nist.gov/vuln/detail/CVE-2023-20088 (5.3)
Devolutions Remote Desktop Manager PowerShell Module
https://devolutions.net/security/advisories/DEVO-2023-0004 (5.3)
Devolutions Server
https://devolutions.net/security/advisories/DEVO-2023-0005 (5.3)
Fortinet FortiAnalyzer
https://nvd.nist.gov/vuln/detail/CVE-2023-23776 (4.6)
https://nvd.nist.gov/vuln/detail/CVE-2023-25611 (4.0)
SonicWall SonicOS SSLVPN
https://nvd.nist.gov/vuln/detail/CVE-2023-1101 (4.3)
GitHub Enterprise Server
https://nvd.nist.gov/vuln/detail/CVE-2023-22381 (4.1)
Zoho ManageEngine ServiceDesk Plus / ServiceDesk Plus MSP / SupportCenter Plus / AssetExplorer
https://nvd.nist.gov/vuln/detail/CVE-2023-26600 (medium)
https://nvd.nist.gov/vuln/detail/CVE-2023-26601 (medium)
Draytek Vigor Series
https://nvd.nist.gov/vuln/detail/CVE-2023-23313 (n/a)