Vulnerabilities - Week 41

Each week the CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses the CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

F5 BIG-IP (all modules)
https://nvd.nist.gov/vuln/detail/CVE-2023-41373 (9.9)
https://nvd.nist.gov/vuln/detail/CVE-2023-43746 (8.7)
https://nvd.nist.gov/vuln/detail/CVE-2023-40537 (8.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-40542 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-41085 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-42768 (7.2)
https://nvd.nist.gov/vuln/detail/CVE-2023-45219 (4.4)

Atlassian Confluence Data Center / Confluence Server
https://nvd.nist.gov/vuln/detail/CVE-2023-22515 (9.8)

Microsoft Windows
https://www.ncsc.nl/actueel/advisory?id=NCSC-2023-0515 (9.8-4.4)

Puppet Bolt
https://nvd.nist.gov/vuln/detail/CVE-2023-5214 (9.8)

Fortinet FortiSIEM
https://nvd.nist.gov/vuln/detail/CVE-2023-34992 (9.8)

Fortinet FortiWLM
https://www.fortiguard.com/psirt/FG-IR-23-140 (9.6)
https://www.fortiguard.com/psirt/FG-IR-23-141 (8.6)

Citrix NetScaler ADC / NetScaler Gateway
https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscale… (9.4-8.2)

Fortinet FortiMail
https://nvd.nist.gov/vuln/detail/CVE-2023-36556 (8.8)

Microsoft Azure
https://www.ncsc.nl/actueel/advisory?id=NCSC-2023-0513 (8.8-7.3)

Cisco Unified Communications Products
https://nvd.nist.gov/vuln/detail/CVE-2023-20259 (8.6)

Fortinet FortiManager / FortiAnalyzer
https://www.fortiguard.com/psirt/FG-IR-23-189 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2023-42788 (7.8)
https://www.fortiguard.com/psirt/FG-IR-19-039 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-44249 (4.3)

Fortinet FortiManager
https://nvd.nist.gov/vuln/detail/CVE-2023-41679 (8.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-41838 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-42787 (6.5)

IBM Spectrum Protect Client / Storage Protect for Virtual Environments
https://nvd.nist.gov/vuln/detail/CVE-2023-35897 (8.4)

Fortinet FortiOS
https://nvd.nist.gov/vuln/detail/CVE-2023-41841 (8.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-33301 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-37935 (6.5)

Microsoft Exchange Server
https://www.ncsc.nl/actueel/advisory?id=NCSC-2023-0516 (8.0)

Acronis Agent (Linux / macOS / Windows)
https://nvd.nist.gov/vuln/detail/CVE-2023-44209 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-44211 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-44212 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-45244 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-45246 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-45247 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-45248 (6.6)
https://nvd.nist.gov/vuln/detail/CVE-2023-44210 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-44213 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-44214 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-45240 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-45241 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-45242 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-45243 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-45245 (5.5)

F5 BIG-IP APM / APM Clients Edge Client for macOS installer
https://nvd.nist.gov/vuln/detail/CVE-2023-43611 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-5450 (7.3)

Fortinet FortiManager / FortiAnalyzer / FortiADC
https://nvd.nist.gov/vuln/detail/CVE-2023-25607 (7.8)

Trellix Endpoint Security (ENS)
https://nvd.nist.gov/vuln/detail/CVE-2023-3665 (7.8)

Fortinet FortiEDR
https://www.fortiguard.com/psirt/FG-IR-23-007 (7.7)

F5 BIG-IP (all modules) / BIG-IP Next SPK
https://nvd.nist.gov/vuln/detail/CVE-2023-40534 (7.5)

Fortinet IPS Engine
https://nvd.nist.gov/vuln/detail/CVE-2023-40718 (7.5)

HCL BigFix Platform
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB01077… (8.2-5.3)

IBM Security Directory Suite
https://nvd.nist.gov/vuln/detail/CVE-2022-33160 (7.5)

BIG-IP Next SPK
https://nvd.nist.gov/vuln/detail/CVE-2023-45226 (7.4)

Open vSwitch
https://nvd.nist.gov/vuln/detail/CVE-2023-5366 (7.1)

Citrix Hypervisor
https://support.citrix.com/article/CTX575089/citrix-hypervisor-multiple… (n/a)

Xen
https://xenbits.xenproject.org/xsa/advisory-440.html (n/a)
https://xenbits.xenproject.org/xsa/advisory-441.html (n/a)
https://xenbits.xenproject.org/xsa/advisory-442.html (n/a)
https://xenbits.xenproject.org/xsa/advisory-443.html (n/a)
https://xenbits.xenproject.org/xsa/advisory-444.html (n/a)

Medium

Fortinet FortiIsolator
https://nvd.nist.gov/vuln/detail/CVE-2022-22298 (6.7)

Cisco IOS XE Software
https://nvd.nist.gov/vuln/detail/CVE-2023-20235 (6.5)

BigFix Insights for Vulnerability Remediation (IVR)
https://nvd.nist.gov/vuln/detail/CVE-2022-44757 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-44758 (6.5)

F5 BIG-IP (all modules) / BIG-IQ Centralized Management
https://nvd.nist.gov/vuln/detail/CVE-2023-43485 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-41964 (4.3)

F5 BIG-IP DNS / BIG-IP LTM enabled with DNS Services License
https://nvd.nist.gov/vuln/detail/CVE-2023-41253 (5.5)

Fortinet FortiGuest
https://nvd.nist.gov/vuln/detail/CVE-2023-25604 (5.5)

Fortinet FortiAnalyzer
https://nvd.nist.gov/vuln/detail/CVE-2023-42782 (5.3)

Fortinet FortiOS / FortiProxy
https://nvd.nist.gov/vuln/detail/CVE-2023-41675 (5.3)

Open Virtual Network (OVN)
https://nvd.nist.gov/vuln/detail/CVE-2023-3153 (5.3)

Ivanti Endpoint Manager (EPM)
https://forums.ivanti.com/s/article/SA-2023-08-08-CVE-2023-35084 (4.7)
https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-35083 (4.5)

HCL BigFix Patch Management
https://nvd.nist.gov/vuln/detail/CVE-2022-42451 (4.6)

F5 BIG-IP APM Guided Configuration
https://nvd.nist.gov/vuln/detail/CVE-2023-39447 (4.4)

OpenShift API
https://nvd.nist.gov/vuln/detail/CVE-2022-3248 (4.4)