Vulnerabilities - Week 03

Each week, CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

High



Oracle (alle) producten

https://www.oracle.com/security-alerts/cpujan2022.html (10.0-2.7)

Zabbix

https://nvd.nist.gov/vuln/detail/CVE-2022-23131 (9.1)

Arista EOS

https://nvd.nist.gov/vuln/detail/CVE-2021-28506 (9.1)

https://nvd.nist.gov/vuln/detail/CVE-2021-28501 (9.1)

https://nvd.nist.gov/vuln/detail/CVE-2021-28500 (9.1)

Citrix Hypervisor

https://nvd.nist.gov/vuln/detail/CVE-2021-28704 (8.8)

https://nvd.nist.gov/vuln/detail/CVE-2021-28705 (7.8)

GitLab CE / EE

https://nvd.nist.gov/vuln/detail/CVE-2021-39946 (8.7)

https://nvd.nist.gov/vuln/detail/CVE-2022-0244 (8.6)

https://nvd.nist.gov/vuln/detail/CVE-2022-0154 (7.5)

Palo Alto Networks Cortex XDR Agent

https://nvd.nist.gov/vuln/detail/CVE-2022-0015 (7.8)

TeamViewer

https://nvd.nist.gov/vuln/detail/CVE-2021-34858 (7.8)

Juniper Networks

Contrail Service Orchestration

https://nvd.nist.gov/vuln/detail/CVE-2022-22152 (7.7)



Junos OS

https://nvd.nist.gov/vuln/detail/CVE-2022-22159 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-22173 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-22170 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-22171 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-22163 (7.4)

https://nvd.nist.gov/vuln/detail/CVE-2022-22176 (7.4)

https://nvd.nist.gov/vuln/detail/CVE-2022-22162 (7.3)



Junos OS Evolved

https://nvd.nist.gov/vuln/detail/CVE-2022-22170 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-22171 (7.5)



MX Series

https://nvd.nist.gov/vuln/detail/CVE-2022-22153 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-22161 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-22175 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-22178 (7.5)



SRX Series

https://nvd.nist.gov/vuln/detail/CVE-2022-22153 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-22175 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-22178 (7.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-22157 (7.2)

https://nvd.nist.gov/vuln/detail/CVE-2022-22167 (7.2)



QFX5000 Series / EX4600

https://nvd.nist.gov/vuln/detail/CVE-2022-22174 (7.5)

Zoho

ManageEngine Desktop Central / Desktop Central MSP

https://nvd.nist.gov/vuln/detail/CVE-2021-44757 (n/a)

ManageEngine CloudSecurityPlus

https://nvd.nist.gov/vuln/detail/CVE-2021-44651 (n/a)

Imperva Web Application Firewall

https://nvd.nist.gov/vuln/detail/CVE-2021-45468 (n/a)

Medium

Palo Alto Networks Cortex XDR Agent

https://nvd.nist.gov/vuln/detail/CVE-2022-0014 (6.7)

https://nvd.nist.gov/vuln/detail/CVE-2022-0012 (6.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-0013 (5.0)

Cisco

Adaptive Security Device Manager

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asdm-logging-jnLOY422 (5.5)

Prime Infrastructure / Evolved Programmable Network Manager

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-path-trav-zws324yn (6.5-6.1)



Prime Access Registrar

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-reg-xss-zLOz8PfB (4.8)



Secure Network Analytics

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ (6.1)

Security Manager

https://nvd.nist.gov/vuln/detail/CVE-2022-20635 (6.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-20636 (6.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-20637 (6.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-20638 (6.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-20639 (6.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-20640 (6.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-20641 (6.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-20642 (6.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-20643 (6.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-20644 (6.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-20645 (6.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-20646 (6.1)

https://nvd.nist.gov/vuln/detail/CVE-2022-20647 (6.1)

Tetration

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tetr-cmd-injc-skrwGO (6.5)

GitLab CE / EE

https://nvd.nist.gov/vuln/detail/CVE-2022-0151 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-0090 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-0152 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2021-39942 (4.3)

https://nvd.nist.gov/vuln/detail/CVE-2021-39892 (4.3)

https://nvd.nist.gov/vuln/detail/CVE-2022-0124 (4.3)

https://nvd.nist.gov/vuln/detail/CVE-2022-0125 (4.3)

Huawei CloudEngine

https://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220112-01-invalid-en (6.5)

https://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220112-01-infodis-en (4.4)

Juniper Networks

ACX5448

https://nvd.nist.gov/vuln/detail/CVE-2022-22155 (6.5)



Junos Fusion

https://nvd.nist.gov/vuln/detail/CVE-2022-22154 (6.8)

Junos OS

https://nvd.nist.gov/vuln/detail/CVE-2022-22166 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-22156 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-22179 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-22172 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-22169 (5.9)

https://nvd.nist.gov/vuln/detail/CVE-2022-22177 (5.3)

Juniper Networks Junos OS Evolved

https://nvd.nist.gov/vuln/detail/CVE-2022-22164 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-22172 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-22169 (5.9)

https://nvd.nist.gov/vuln/detail/CVE-2022-22177 (5.3)

MX Series

https://nvd.nist.gov/vuln/detail/CVE-2022-22160 (6.5)

https://nvd.nist.gov/vuln/detail/CVE-2022-22168 (6.5)

Zabbix

https://nvd.nist.gov/vuln/detail/CVE-2022-23133 (6.3)

Arista EOS

https://nvd.nist.gov/vuln/detail/CVE-2021-28507 (5.5)

Docker Desktop

https://nvd.nist.gov/vuln/detail/CVE-2021-45449 (n/a)

Jenkins

https://nvd.nist.gov/vuln/detail/CVE-2022-20612 (4.3)

Active Directory Plugin

https://nvd.nist.gov/vuln/detail/CVE-2022-23105 (n/a)

Badge Plugin

https://nvd.nist.gov/vuln/detail/CVE-2022-23108 (n/a)

Batch Task Plugin

https://nvd.nist.gov/vuln/detail/CVE-2022-23115 (n/a)

Bitbucket Branch Source Plugin

https://nvd.nist.gov/vuln/detail/CVE-2022-20618 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2022-20619 (n/a)

Configuration as Code Plugin

https://nvd.nist.gov/vuln/detail/CVE-2022-23106 (n/a)

Conjur Secrets Plugin

https://nvd.nist.gov/vuln/detail/CVE-2022-23116 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2022-23117 (n/a)

Credentials Binding Plugin

https://nvd.nist.gov/vuln/detail/CVE-2022-20616 (4.3)

Debian Package Builder Plugin

https://nvd.nist.gov/vuln/detail/CVE-2022-23118 (n/a)

Docker Commons Plugin

https://nvd.nist.gov/vuln/detail/CVE-2022-20617 (n/a)

HashiCorp Vault Plugin

https://nvd.nist.gov/vuln/detail/CVE-2022-23109 (n/a)

Mailer Plugin

https://nvd.nist.gov/vuln/detail/CVE-2022-20613 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2022-20614 (n/a)

Matrix Project Plugin

https://nvd.nist.gov/vuln/detail/CVE-2022-20615 (n/a)

Metrics Plugin

https://nvd.nist.gov/vuln/detail/CVE-2022-20621 (n/a)

Publish over SSH Plugin

https://nvd.nist.gov/vuln/detail/CVE-2022-23110 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2022-23111 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2022-23112 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2022-23113 (n/a)

https://nvd.nist.gov/vuln/detail/CVE-2022-23114 (n/a)

SSH Agent Plugin

https://nvd.nist.gov/vuln/detail/CVE-2022-20620 (n/a)

Warnings Next Generation Plugin

https://nvd.nist.gov/vuln/detail/CVE-2022-23107 (n/a)

VMware Workstation / Horizon Client (Windows)

https://www.vmware.com/security/advisories/VMSA-2022-0002.html (4.0)