Vulnerabilities - Week 51

The CSIRT-DSP compiles a weekly selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Zabbix
https://nvd.nist.gov/vuln/detail/CVE-2023-32725 (9.6)
https://nvd.nist.gov/vuln/detail/CVE-2023-32727 (6.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-32728 (4.6)

Dell PowerProtect DD
https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-te… (8.8-4.3)

Palo Alto Networks PAN-OS
https://nvd.nist.gov/vuln/detail/CVE-2023-6790 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-6792 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-6794 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-6795 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-6791 (4.9)
https://nvd.nist.gov/vuln/detail/CVE-2023-6772 (4.7)
https://nvd.nist.gov/vuln/detail/CVE-2023-6789 (4.3)

Linux Kernel Netfilter
https://nvd.nist.gov/vuln/detail/CVE-2023-6817 (7.8)

Apache Guacamole
https://nvd.nist.gov/vuln/detail/CVE-2023-43826 (7.5)

Dell PowerMaxOS 5978 / Unisphere 360 / Unisphere for PowerMax / Unisphere for PowerMax Virtual Appliance / Solutions Enabler Virtual Appliance / PowerMax EEM Security Update
https://www.dell.com/support/kbdoc/en-us/000220427/dsa-2023-443-dell-po… (7.5-4.9)

HPE Integrated Lights-Out 5 (iLO 5) / Integrated Lights-Out 6 (iLO 6)
https://nvd.nist.gov/vuln/detail/CVE-2023-50272 (7.5)

IBM SAN Volume Controller / Storwize / FlashSystem / Storage Virtualize
https://nvd.nist.gov/vuln/detail/CVE-2023-43042 (7.5)

GitLab CE/EE
https://about.gitlab.com/releases/2023/12/13/security-release-gitlab-16… (7.4-4.3)

Jenkins various plugins
https://www.jenkins.io/security/advisory/2023-12-13/ (high-medium)

Ivanti Avalanche Premise (formerly Wavelink Mobile Device Server)
https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt (n/a)

Nagios XI
https://nvd.nist.gov/vuln/detail/CVE-2023-48084 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-48085 (n/a)

Medium

IBM Spectrum Scale
https://nvd.nist.gov/vuln/detail/CVE-2022-43843 (5.9)

Nextcloud Enterprise Server / Server
https://github.com/nextcloud/security-advisories/security/advisories/GH… (5.4)
https://github.com/nextcloud/security-advisories/security/advisories/GH… (5.3)

Dell NetWorker Virtual Edition
https://nvd.nist.gov/vuln/detail/CVE-2023-28053 (5.3)

IBM Cloud Pak for Business Automation
https://nvd.nist.gov/vuln/detail/CVE-2023-40691 (4.9)

IBM System Storage Virtualization Engine
https://www.ibm.com/support/pages/node/7092383 (4.3)

Nextcloud Files iOS
https://github.com/nextcloud/security-advisories/security/advisories/GH… (4.3)

Containerd
https://github.com/containerd/containerd/security/advisories/GHSA-7ww5-… (medium)

Stormshield Network Security
https://advisories.stormshield.eu/2023-032/ (medium)
https://advisories.stormshield.eu/2023-024/ (medium)
https://advisories.stormshield.eu/2023-027/ (medium)

OpenSSH
https://nvd.nist.gov/vuln/detail/CVE-2023-48795 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-51384 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2023-51385 (n/a)