Vulnerabilities - Week 16

Each week, CSIRT-DSP makes a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Palo Alto Networks PAN-OS software
https://nvd.nist.gov/vuln/detail/CVE-2024-3400 (10.0)
https://nvd.nist.gov/vuln/detail/CVE-2024-3382 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-3384 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-3385 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-3383 (7.4)
https://nvd.nist.gov/vuln/detail/CVE-2024-3386 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2024-3388 (4.1)

Ivanti Avalanche
https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-… (9.8-4.3)

Atlassian Confluence Data Center
https://nvd.nist.gov/vuln/detail/CVE-2024-21676 (8.8)

Netdata
https://nvd.nist.gov/vuln/detail/CVE-2024-32019 (8.8)

GitLab CE/EE
https://about.gitlab.com/releases/2024/04/10/patch-release-gitlab-16-10… (8.7-4.3)

Juniper Networks Paragon Active Assurance Control Center
https://nvd.nist.gov/vuln/detail/CVE-2024-30381 (8.4)

Juniper Networks Juniper Cloud Native Router (JCNR)
https://nvd.nist.gov/vuln/detail/CVE-2024-30407 (8.1)

Oracle VM VirtualBox
https://nvd.nist.gov/vuln/detail/CVE-2024-21112 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-21113 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-21114 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-21115 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-21103 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-21111 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-21116 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-21110 (7.3)
https://nvd.nist.gov/vuln/detail/CVE-2024-21107 (6.7)
https://nvd.nist.gov/vuln/detail/CVE-2024-21106 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21121 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21109 (5.9)

IBM Security Verify Access Appliance
https://nvd.nist.gov/vuln/detail/CVE-2024-31871 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-31872 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-31873 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-31874 (6.2)

IBM Security Verify Privilege
https://nvd.nist.gov/vuln/detail/CVE-2024-31887 (7.5)

Juniper Networks Junos OS
https://nvd.nist.gov/vuln/detail/CVE-2024-30397 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-30390 (5.3)
SRX 5000 Series
https://nvd.nist.gov/vuln/detail/CVE-2024-30405 (7.5)
MX Series
https://nvd.nist.gov/vuln/detail/CVE-2024-30392 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-30401 (5.9)
https://nvd.nist.gov/vuln/detail/CVE-2024-30378 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21610 (5.3)
SRX4600
https://nvd.nist.gov/vuln/detail/CVE-2024-30398 (7.5)
ACX5448 / ACX710
https://nvd.nist.gov/vuln/detail/CVE-2024-30387 (6.5)
MX Series with SPC3 / SRX Series
https://nvd.nist.gov/vuln/detail/CVE-2024-21609 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-30391 (4.8)
QFX5000 Series / EX Series
https://nvd.nist.gov/vuln/detail/CVE-2024-30388 (6.5)
SRX 300 Series
https://nvd.nist.gov/vuln/detail/CVE-2024-21605 (6.5)
EX4300 Series
https://nvd.nist.gov/vuln/detail/CVE-2024-30410 (5.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-30389 (5.8)
https://nvd.nist.gov/vuln/detail/CVE-2024-30384 (5.5)

Juniper Networks Junos OS / Junos OS Evolved
https://nvd.nist.gov/vuln/detail/CVE-2024-21598 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-30394 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-30395 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-30382 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21618 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-30380 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-30402 (5.9)
https://nvd.nist.gov/vuln/detail/CVE-2024-30409 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2024-30386 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2024-21615 (5.0)
MX Series MPC10 / MPC11 / LC9600 / MX304
https://nvd.nist.gov/vuln/detail/CVE-2024-21593 (6.5)

Traefik
https://nvd.nist.gov/vuln/detail/CVE-2024-28869 (7.5)

PuTTY
https://nvd.nist.gov/vuln/detail/CVE-2024-31497 (n/a)

Medium

HPE FlexFabric / FlexNetwork Series
https://nvd.nist.gov/vuln/detail/CVE-2024-22439 (6.9)

Juniper Networks Junos OS Evolved
https://nvd.nist.gov/vuln/detail/CVE-2024-30403 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2024-21590 (5.3)
ACX Series
https://nvd.nist.gov/vuln/detail/CVE-2024-30406 (5.5)

HCL DevOps Deploy / Launch
https://nvd.nist.gov/vuln/detail/CVE-2024-23558 (6.3)
https://nvd.nist.gov/vuln/detail/CVE-2024-23559 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2024-23560 (4.4)
https://nvd.nist.gov/vuln/detail/CVE-2024-23561 (4.3)

Dell Storage Resource Manager
https://nvd.nist.gov/vuln/detail/CVE-2024-0157 (5.9)

QEMU
https://nvd.nist.gov/vuln/detail/CVE-2024-3567 (5.5)

Palo Alto Networks Panorama software
https://nvd.nist.gov/vuln/detail/CVE-2024-3387 (5.3)

Portainer CE
https://nvd.nist.gov/vuln/detail/CVE-2024-29296 (5.3)

Argo CD
https://nvd.nist.gov/vuln/detail/CVE-2024-31990 (4.8)

Apache Traffic Server
https://nvd.nist.gov/vuln/detail/CVE-2024-31309 (n/a)

Linux Kernel Netfilter
https://nvd.nist.gov/vuln/detail/CVE-2024-26834 (n/a)
https://nvd.nist.gov/vuln/detail/CVE-2024-26835 (n/a)

OpenStack Magnum
https://nvd.nist.gov/vuln/detail/CVE-2024-28718 (n/a)