Vulnerabilities - Week 04

Each week, the CSIRT-DSP makes a selection of vulnerabilities that it has assessed as relevant to digital service providers. This selection is distributed together with relevant news in the Mid of Week.

The low/medium/high rating is based on the CVSS 3.1 base score of the vulnerability. 0.0-3.9 is low, 4.0-6.9 is medium, 7.0-10.0 is high.
Vulnerabilities classified as low do not appear in this overview.

High

Cisco SD-WAN
https://nvd.nist.gov/vuln/detail/CVE-2021-1300 (9.8)

Cisco Smart Software Manager
https://nvd.nist.gov/vuln/detail/CVE-2021-1138 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-1139 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-1140 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-1141 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-1142 (9.8)

Cisco Data Center Network Manager
https://nvd.nist.gov/vuln/detail/CVE-2021-1247 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-1248 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-1272 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-1276 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-1277 (7.5)

DNSmasq
https://nvd.nist.gov/vuln/detail/CVE-2020-25681 (8.1)
https://nvd.nist.gov/vuln/detail/CVE-2020-25682 (8.1)

Oracle VirtualBox
https://nvd.nist.gov/vuln/detail/CVE-2021-2129 (7.9)

Nextcloud Server
https://nvd.nist.gov/vuln/detail/CVE-2020-8295 (7.5)

Sudo
https://nvd.nist.gov/vuln/detail/CVE-2021-3156 (7.0)

Nagios XI (Docker Config Wizard)
https://nvd.nist.gov/vuln/detail/CVE-2021-3193 (n/a)

Medium

Cisco Data Center Network Manager
https://nvd.nist.gov/vuln/detail/CVE-2021-1249 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-1250 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-1253 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-1286 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-1269 (6.3)
https://nvd.nist.gov/vuln/detail/CVE-2021-1270 (6.3)
https://nvd.nist.gov/vuln/detail/CVE-2021-1283 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-1133 (4.6)
https://nvd.nist.gov/vuln/detail/CVE-2021-1135 (4.6)
https://nvd.nist.gov/vuln/detail/CVE-2021-1255 (4.6)

Oracle VirtualBox
https://nvd.nist.gov/vuln/detail/CVE-2021-2128 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-2124 (6.0)
https://nvd.nist.gov/vuln/detail/CVE-2021-2126 (6.0)
https://nvd.nist.gov/vuln/detail/CVE-2021-2131 (6.0)
https://nvd.nist.gov/vuln/detail/CVE-2021-2125 (4.6)
https://nvd.nist.gov/vuln/detail/CVE-2021-2127 (4.4)
https://nvd.nist.gov/vuln/detail/CVE-2021-2130 (4.4)

Nextcloud Server
https://nvd.nist.gov/vuln/detail/CVE-2020-8293 (5.7)

Kubernetes
https://nvd.nist.gov/vuln/detail/CVE-2020-8554 (6.3)
https://nvd.nist.gov/vuln/detail/CVE-2020-8568 (5.8)
https://nvd.nist.gov/vuln/detail/CVE-2020-8567 (4.9)
https://nvd.nist.gov/vuln/detail/CVE-2020-8569 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2020-8570 (n/a)

DNSmasq
https://nvd.nist.gov/vuln/detail/CVE-2020-25683 (5.9)
https://nvd.nist.gov/vuln/detail/CVE-2020-25687 (5.9)
https://nvd.nist.gov/vuln/detail/CVE-2020-25684 (4.0)
https://nvd.nist.gov/vuln/detail/CVE-2020-25685 (4.0)
https://nvd.nist.gov/vuln/detail/CVE-2020-25686 (4.0)

Cisco Security Managers
https://nvd.nist.gov/vuln/detail/CVE-2021-1129 (5.3)

Xen Hypervisor
https://nvd.nist.gov/vuln/detail/CVE-2021-3308 (n/a)

OpenLDAP
https://nvd.nist.gov/vuln/detail/CVE-2020-36221 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2020-36222 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2020-36223 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2020-36224 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2020-36225 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2020-36226 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2020-36227 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2020-36228 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2020-36229 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2020-36230 (n/a)

Are you a digital service provider and would you like to receive our complete Mid of Week? You can register by e-mail. Please state the e-mail address at which you wish to receive the Mid of Week.