Het CSIRT-DSP maakt op wekelijkse basis een selectie van kwetsbaarheden, waarbij het CSIRT-DSP de inschatting heeft gemaakt dat deze relevant zijn voor digitale dienstverleners. Deze selectie wordt gezamenlijk met relevant nieuws verspreid in de Mid of Week.
De inschatting van low/medium/high wordt gemaakt op basis van de CVSS 3.1 base score van de kwetsbaarheid. 0.0-3.9 is low, 4.0-6.9 is medium, 7.0-10.0 is high.
Kwetsbaarheden die als low worden geclassificeerd komen niet in dit overzicht terug.
High
Microsoft Windows
https://advisories.ncsc.nl/advisory?id=NCSC-2021-0995 (9.0-4.2)
Microsoft Windows Exchange Server
https://nvd.nist.gov/vuln/detail/CVE-2021-42321 (8.8)
Microsoft Windows Remote Desktop Protocol
https://nvd.nist.gov/vuln/detail/CVE-2021-38666 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-38665 (7.4)
Microsoft Windows Malware Protection Engine
https://advisories.ncsc.nl/advisory?id=NCSC-2021-0988 (7.8)
Cisco Anyconnect Secure Mobility Client (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2021-40124 (7.8)
Cisco Email Security Appliance
https://nvd.nist.gov/vuln/detail/CVE-2021-34741 (7.5)
Citrix ADC / Gateway / SD-WAN WANOP
https://support.citrix.com/article/ctx330728 (n/a)
Medium
Microsoft Azure
https://advisories.ncsc.nl/advisory?id=NCSC-2021-0989 (6.7-3.3)
Gitlab CE/EE
https://nvd.nist.gov/vuln/detail/CVE-2021-39913 (6.7)
https://nvd.nist.gov/vuln/detail/CVE-2021-39903 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-39906 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2021-22260 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2021-39907 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2021-39909 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2021-39912 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2021-39895 (4.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-39902 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2021-39904 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2021-39905 (4.3)
Microsoft Windows Exchange Server
https://nvd.nist.gov/vuln/detail/CVE-2021-41349 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2021-42305 (6.5)
Huawei NGFW / IPS / USG
https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210512-01-infomationleak-en (5.9)
Microsoft Windows Remote Desktop Protocol
https://nvd.nist.gov/vuln/detail/CVE-2021-38631 (4.4)
https://nvd.nist.gov/vuln/detail/CVE-2021-41371 (4.4)
Cisco Umbrella
https://nvd.nist.gov/vuln/detail/CVE-2021-40126 (4.3)
RPKI-Validators
https://advisories.ncsc.nl/advisory?id=NCSC-2021-0987 (n/a)