Vulnerabilities - Week 15

Each week, CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

vm2
https://nvd.nist.gov/vuln/detail/CVE-2023-29017 (10.0)

HashiCorp Nomad and Nomad Enterprise
https://nvd.nist.gov/vuln/detail/CVE-2023-1782 (9.9)

Fortinet FortiPresence
https://nvd.nist.gov/vuln/detail/CVE-2022-41331 (9.8)

Microsoft Windows
https://www.ncsc.nl/actueel/advisory?id=NCSC-2023-0169 (9.8-4.3)

Cisco Secure Network Analytics
https://nvd.nist.gov/vuln/detail/CVE-2023-20102 (8.8)

Dell PowerProtect Data Manager
https://nvd.nist.gov/vuln/detail/CVE-2023-28062 (8.8)

Fortinet FortiOS / FortiProxy
https://nvd.nist.gov/vuln/detail/CVE-2022-41330 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-43947 (5.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-22641 (4.1)

Fortinet FortiSandbox / FortiDeceptor
https://nvd.nist.gov/vuln/detail/CVE-2022-27487 (8.8)

Fortinet FortiWeb
https://nvd.nist.gov/vuln/detail/CVE-2022-43955 (8.8)

Cisco Evolved Programmable Network Manager (EPNM) / Identity Services Engine (ISE) / Prime Infrastructure
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (7.8)

Fortinet FortiADC / FortiDDoS / FortiDDoS-F
https://nvd.nist.gov/vuln/detail/CVE-2022-40679 (7.8)

Fortinet FortiClient (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2022-40682 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-42470 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-43946 (7.5)

GitHub Enterprise Server
https://nvd.nist.gov/vuln/detail/CVE-2023-23761 (7.7)
https://nvd.nist.gov/vuln/detail/CVE-2023-23762 (6.5)

Arista CloudEOS
https://www.arista.com/en/support/advisories-notices/security-advisory/… (7.5-6.5)

Fortinet FortiAnalyzer / FortiManager
https://nvd.nist.gov/vuln/detail/CVE-2023-22642 (7.5)

Microsoft Azure
https://www.ncsc.nl/actueel/advisory?id=NCSC-2023-0173 (7.5-6.5)

Microsoft Defender
https://www.ncsc.nl/actueel/advisory?id=NCSC-2023-0168 (7.5)

Fortinet FortiClient (Mac)
https://nvd.nist.gov/vuln/detail/CVE-2023-22635 (7.3)

Cisco Small Business RV320 / RV325 Dual Gigabit WAN VPN Routers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (7.2)

Fortinet FortiSOAR
https://nvd.nist.gov/vuln/detail/CVE-2023-27995 (7.2)

Fortinet FortiAnalyzer
https://nvd.nist.gov/vuln/detail/CVE-2022-42477 (7.1)

Zoho ManageEngine ADSelfService Plus
https://nvd.nist.gov/vuln/detail/CVE-2023-28342 (high)

Zoho ManageEngine Applications Manager
https://nvd.nist.gov/vuln/detail/CVE-2023-28341 (high)
https://nvd.nist.gov/vuln/detail/CVE-2023-28340 (medium)

Veritas Appliance
https://nvd.nist.gov/vuln/detail/CVE-2023-26788 (n/a)

Medium

Fortinet FortiWeb / FortiADC
https://nvd.nist.gov/vuln/detail/CVE-2022-43948 (6.7)

Cisco Prime Infrastructure / Evolved Programmable Network Manager
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.5)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (5.4)

Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers
https://nvd.nist.gov/vuln/detail/CVE-2023-20124 (6.5)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.1)

Fortinet FortiSandbox
https://nvd.nist.gov/vuln/detail/CVE-2022-27485 (6.5)

Cisco Identity Services Engine
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.0)

Docker Desktop
https://nvd.nist.gov/vuln/detail/CVE-2023-1802 (5.9)

Cisco Packet Data Network Gateway (PGW)
https://nvd.nist.gov/vuln/detail/CVE-2023-20051 (5.8)

HAProxy
https://nvd.nist.gov/vuln/detail/CVE-2023-25950 (5.6)

Cisco Unified Contact Center Express (CCX)
https://nvd.nist.gov/vuln/detail/CVE-2023-20096 (5.4)

Cisco Webex Meetings
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (5.4)

Arista EOS with SNMP
https://www.arista.com/en/support/advisories-notices/security-advisory/… (5.3)

Fortinet FortiNAC
https://nvd.nist.gov/vuln/detail/CVE-2022-43951 (5.3)

Cisco Secure Network Analytics
https://nvd.nist.gov/vuln/detail/CVE-2023-20103 (4.9)

Devolutions Remote Desktop Manager Windows / Linux
https://devolutions.net/security/advisories/DEVO-2023-0009 (4.4-4.3)

Fortinet FortiAuthenticator
https://nvd.nist.gov/vuln/detail/CVE-2022-35850 (4.3)

Fortinet FortiGate
https://nvd.nist.gov/vuln/detail/CVE-2022-42469 (4.3)

OpenvSwitch
https://nvd.nist.gov/vuln/detail/CVE-2023-1668 (medium)

Veritas NetBackUp OpsCenter
https://nvd.nist.gov/vuln/detail/CVE-2023-26789 (n/a)