Vulnerabilities - Week 27

Each week, the CSIRT-DSP compiles a selection of vulnerabilities that the CSIRT-DSP has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment is based on the CVSS 3.1 base scores where these are available. Where no score is available, this is indicated with 'n/a'.

Critical & High

Juniper Networks Session Smart Router
https://supportportal.juniper.net/s/article/2024-06-Out-Of-Cycle-Security-Bulletin-Session-Smart-Router-SSR-On-redundant-router-deployments-API-authentication-can-be-bypassed-CVE-2024-2973?language=en_US (10.0)

Gitlab CE/EE
https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/ (9.6-4.3)

Cloud Foundry
https://nvd.nist.gov/vuln/detail/CVE-2024-37082 (9.0)

Juniper Networks Junos OS
https://nvd.nist.gov/vuln/detail/CVE-2024-21586 (8.7)

IBM Security Verify Access Appliance / Security Verify Access Container
https://www.ibm.com/support/pages/node/7158790 (8.4-5.9)

OpenSSH
https://nvd.nist.gov/vuln/detail/CVE-2024-6387 (8.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-39894 (n/a)

Dell iDRAC9
https://www.dell.com/support/kbdoc/en-us/000226503/dsa-2024-099-security-update-for-dell-idrac9-ipmi-session-vulnerability (7.6)

IBM OpenBMC FW1050.00
https://nvd.nist.gov/vuln/detail/CVE-2024-31916 (7.5)

WatchGuard Firebox
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00011 (7.2)

Medium

VMware Workspace One UEM
https://www.vmware.com/security/advisories/OMSA-2024-0001.html (6.8)

Dell PowerScale OneFS
https://www.dell.com/support/kbdoc/en-us/000226569/dsa-2024-255-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities (6.7-4.4)

Envoy
https://nvd.nist.gov/vuln/detail/CVE-2024-39305 (6.5)

Cisco NX-OS Software
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP (6.0)

Dell PowerEdge Server BIOS
https://www.dell.com/support/kbdoc/en-us/000226253/dsa-2024-039-security-update-for-dell-amd-based-poweredge-server-vulnerability (5.3)

VMware Cloud Director
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24372 (5.3)
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24371 (4.9)

Dell Client BIOS
https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability (5.1)

Hitachi Ops Center Common Services
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-132/index.html (5.1)

Checkmk
https://checkmk.com/werk/17059 (4.3)

IBM Cloud Pak for Security / QRadar Software Suite
https://nvd.nist.gov/vuln/detail/CVE-2022-38383 (4.0)

Jenkins
https://www.jenkins.io/security/advisory/2024-06-26/ (medium)