Vulnerabilities - Week 03

The CSIRT-DSP makes a weekly selection of vulnerabilities that the CSIRT-DSP has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses the CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Atlassian Confluence Data Center / Confluence Server
https://nvd.nist.gov/vuln/detail/CVE-2023-22527 (10.0)
https://nvd.nist.gov/vuln/detail/CVE-2024-21674 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2024-21672 (8.3)
https://nvd.nist.gov/vuln/detail/CVE-2024-21673 (8.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-22526 (7.2)

GitLab CE/EE
https://about.gitlab.com/releases/2024/01/11/critical-security-release-… (10.0-6.6)

Juniper Networks Junos OS
https://nvd.nist.gov/vuln/detail/CVE-2024-21616 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-36842 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21617 (6.5)
SRX Series / EX Series (J-Web)
https://nvd.nist.gov/vuln/detail/CVE-2024-21591 (9.8)
EX4100 / EX4400 / EX4600 / QFX5000 Series
https://nvd.nist.gov/vuln/detail/CVE-2024-21595 (7.5)
SRX Series
https://nvd.nist.gov/vuln/detail/CVE-2024-21606 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21601 (5.9)
MX Series
https://nvd.nist.gov/vuln/detail/CVE-2024-21587 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21599 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21603 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21597 (5.3)
PTX Series
https://nvd.nist.gov/vuln/detail/CVE-2024-21600 (6.5)
SRX 5000 Series
https://nvd.nist.gov/vuln/detail/CVE-2024-21594 (5.5)
MX Series / EX9200 Series
https://nvd.nist.gov/vuln/detail/CVE-2024-21607 (5.3)

Ivanti Connect Secure (ICS) (formerly Pulse Connect Secure and Ivanti Policy Secure)
https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypas… (9.1-8.2)

Zoho ManageEngine ADSelfService Plus
https://nvd.nist.gov/vuln/detail/CVE-2024-0252 (8.8)

IBM Security Access Manager Container (Security Verify Access Appliance / Security Verify Access Docker)
https://nvd.nist.gov/vuln/detail/CVE-2023-31003 (8.4)
https://nvd.nist.gov/vuln/detail/CVE-2023-38267 (6.2)
https://nvd.nist.gov/vuln/detail/CVE-2023-31001 (5.1)

SonicWall NetExtender Windows Client
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-6340 (8.2)

Redis
https://nvd.nist.gov/vuln/detail/CVE-2023-41056 (8.1)

Trend Micro Deep Security Agent / Cloud One
https://success.trendmicro.com/dcx/s/solution/000296337 (7.8)

Juniper Networks Junos OS Evolved
https://nvd.nist.gov/vuln/detail/CVE-2024-21604 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21612 (7.5)
ACX7024 / ACX7100-32C / ACX7100-48L
https://nvd.nist.gov/vuln/detail/CVE-2024-21602 (7.5)

Juniper Networks Junos OS / Junos OS Evolved
https://nvd.nist.gov/vuln/detail/CVE-2024-21611 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21614 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21613 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21585 (5.9)
https://nvd.nist.gov/vuln/detail/CVE-2024-21596 (5.3)

Juniper Networks Paragon Active Assurance Control Center
https://nvd.nist.gov/vuln/detail/CVE-2024-21589 (7.4)

Cisco Unity Connection
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (7.3)

GitHub Enterprise Server
https://nvd.nist.gov/vuln/detail/CVE-2024-0200 (7.2)
https://nvd.nist.gov/vuln/detail/CVE-2024-0507 (6.5)

Dell iDRAC Service Module
https://nvd.nist.gov/vuln/detail/CVE-2024-22428 (7.0)

Medium

Cisco ThousandEyes Enterprise Agent
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.8)

Hitachi Tuning Manager (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2023-6457 (6.6)

Cisco Evolved Programmable Network Manager / Prime Infrastructure
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.5)

Cisco WAP371 Wireless Access Point
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (6.5)

QEMU
https://nvd.nist.gov/vuln/detail/CVE-2023-6683 (6.5)

HCL BigFix Bare OSD Metal Server WebUI
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB01097… (5.6)

Cisco TelePresence Management Suite
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (5.4)

Hitachi Device Manager (Windows / Linux)
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi… (5.3-4.6)

Cisco BroadWorks Application Delivery Platform / Xtended Services Platform
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (4.8)

Cisco Identity Services Engine
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (4.8)

WithSecure Endpoint Protection Windows / Client Security / Server Security / Email and Server Security / Elements Endpoint Protection
https://www.withsecure.com/en/support/security-advisories/cve-2024-n (n/a)