Vulnerabilities - Week 47

Each week the CSIRT-DSP makes a selection of vulnerabilities that it has assessed as relevant for digital service providers.

The selection covers 'Medium' and 'High' vulnerabilities (entries scoring 9.0 or above are listed under 'Critical & High' below). The assessment uses CVSS 3.1 base scores where these are available; where no score is available this is indicated with 'n/a'.

Critical & High

ownCloud
https://nvd.nist.gov/vuln/detail/CVE-2023-49103 (10.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-49105 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-49104 (8.7)

Fortinet FortiSIEM
https://www.fortiguard.com/psirt/FG-IR-23-135 (9.3)
https://www.fortiguard.com/psirt/FG-IR-23-290 (4.2)

Fortinet FortiWLM
https://www.fortiguard.com/psirt/FG-IR-23-142 (9.3)
https://www.fortiguard.com/psirt/FG-IR-23-143 (7.3)

Fortinet FortiWAN
https://www.fortiguard.com/psirt/FG-IR-23-061 (8.6)
https://www.fortiguard.com/psirt/FG-IR-23-265 (8.1)

Atlassian Bamboo Data Center and Server
https://nvd.nist.gov/vuln/detail/CVE-2023-22516 (8.5)

Ivanti Endpoint Manager Mobile (EPMM)
https://forums.ivanti.com/s/article/CVE-2023-39335 (8.5)
https://forums.ivanti.com/s/article/CVE-2023-39337 (6.8)

Nextcloud Server / Enterprise Server
https://nvd.nist.gov/vuln/detail/CVE-2023-48239 (8.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-48306 (5.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-48304 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-48305 (4.2)

Elastic Logstash
https://nvd.nist.gov/vuln/detail/CVE-2023-46672 (8.4)

Atlassian Crowd Data Center and Server
https://nvd.nist.gov/vuln/detail/CVE-2023-22521 (8.0)

Elastic Kibana
https://discuss.elastic.co/t/kibana-8-11-1-security-update-esa-2023-25/… (8.0)

Trellix ePolicy Orchestrator
https://nvd.nist.gov/vuln/detail/CVE-2023-5444 (8.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-5445 (5.4)

Fortinet FortiADC
https://www.fortiguard.com/psirt/FG-IR-22-292 (7.9)

Ivanti Secure Access client (Windows / Linux)
https://forums.ivanti.com/s/article/Security-fixes-included-in-the-late… (7.8-5.3)

Zoom Clients (All)
https://nvd.nist.gov/vuln/detail/CVE-2023-43582 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-39204 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-39206 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-39199 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-39205 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-43588 (6.5)

Zoom Rooms (macOS)
https://nvd.nist.gov/vuln/detail/CVE-2023-43590 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-43591 (7.8)

Zyxel SecuExtender SSL VPN Client (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2023-5593 (7.8)

Zoom Rooms Client (Windows) / VDI Client
https://nvd.nist.gov/vuln/detail/CVE-2023-39203 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-39202 (5.5)

Fortinet FortiClient (Windows)
https://www.fortiguard.com/psirt/FG-IR-23-274 (7.4)
https://www.fortiguard.com/psirt/FG-IR-22-299 (7.1)
https://www.fortiguard.com/psirt/FG-IR-23-108 (4.4)

WithSecure Client Security / Server Security / Email and Server Security / Elements Endpoint Protection
https://nvd.nist.gov/vuln/detail/CVE-2023-47172 (high)

Xen
https://xenbits.xenproject.org/xsa/advisory-445.html (n/a)
https://xenbits.xenproject.org/xsa/advisory-446.html (n/a)

Medium

Cisco Identity Services Engine (ISE)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.7)

LibreNMS
https://nvd.nist.gov/vuln/detail/CVE-2023-48295 (6.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-46745 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-48294 (4.3)

Fortinet FortiADC / FortiDDoS-F
https://www.fortiguard.com/psirt/FG-IR-23-064 (6.2)
https://www.fortiguard.com/psirt/FG-IR-22-518 (5.4)

Fortinet FortiOS / FortiProxy
https://www.fortiguard.com/psirt/FG-IR-23-151 (6.2)
https://www.fortiguard.com/psirt/FG-IR-22-396 (5.8)

OpenNMS Meridian / Horizon
https://nvd.nist.gov/vuln/detail/CVE-2023-40314 (5.8)

Cisco IP phone
https://nvd.nist.gov/vuln/detail/CVE-2023-20265 (5.5)

Fortinet FortiMail
https://www.fortiguard.com/psirt/FG-IR-23-287 (5.3)
https://www.fortiguard.com/psirt/FG-IR-23-203 (5.3)

Cisco Secure Client Software
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (5.0)

Cisco Secure Endpoint (Windows)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (5.0)

Fortinet FortiManager / FortiAnalyzer
https://www.fortiguard.com/psirt/FG-IR-23-177 (4.1)

Fortinet FortiEDRCollector (Windows)
https://www.fortiguard.com/psirt/FG-IR-23-306 (4.0)

WithSecure Client Security / Server Security / Email and Server Security / Elements Endpoint Protection / Client Security for Mac / Elements Endpoint Protection for Mac / Linux Security 64 / Linux Protection / Atlant (formerly F-Secure Atlant)
https://nvd.nist.gov/vuln/detail/CVE-2023-47263 (medium)
https://nvd.nist.gov/vuln/detail/CVE-2023-47264 (medium)