Vulnerabilities - Week 19

Each week, CSIRT-DSP makes a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Cisco Enterprise NFV Infrastructure Software
https://nvd.nist.gov/vuln/detail/CVE-2022-20777 (9.9)
https://nvd.nist.gov/vuln/detail/CVE-2022-20779 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-20780 (7.4)

Microsoft Windows
https://advisories.ncsc.nl/advisory?id=NCSC-2022-0342 (9.8-4.1)

Sophos Firewall
https://nvd.nist.gov/vuln/detail/CVE-2022-1040 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2021-25268 (8.4)

Aruba Clearpass Policy Manager
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt (9.8-4.1)

F5 BIG-IP (Various modules)
https://nvd.nist.gov/vuln/detail/CVE-2022-1388 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-28707 (8.0)
https://nvd.nist.gov/vuln/detail/CVE-2022-26415 (7.7)
https://nvd.nist.gov/vuln/detail/CVE-2022-26372 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-27189 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-28691 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-28705 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-28701 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-26071 (7.4)
Advanced WAF
https://nvd.nist.gov/vuln/detail/CVE-2022-25946 (8.7)
https://nvd.nist.gov/vuln/detail/CVE-2022-27806 (8.7)
https://nvd.nist.gov/vuln/detail/CVE-2022-29491 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-26890 (7.5)
AFM
https://nvd.nist.gov/vuln/detail/CVE-2022-28716 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-28695 (7.2)
APM
https://nvd.nist.gov/vuln/detail/CVE-2022-25946 (8.7)
https://nvd.nist.gov/vuln/detail/CVE-2022-27806 (8.7)
https://nvd.nist.gov/vuln/detail/CVE-2022-29263 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-27230 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-29491 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-26890 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-28714 (7.3)
ASM
https://nvd.nist.gov/vuln/detail/CVE-2022-25946 (8.7)
https://nvd.nist.gov/vuln/detail/CVE-2022-27806 (8.7)
https://nvd.nist.gov/vuln/detail/CVE-2022-29491 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-26890 (7.5)
CGNAT / PEM
https://nvd.nist.gov/vuln/detail/CVE-2022-28716 (7.5)
Guided Configuration
https://nvd.nist.gov/vuln/detail/CVE-2022-25946 (8.7)
https://nvd.nist.gov/vuln/detail/CVE-2022-27806 (8.7)
https://nvd.nist.gov/vuln/detail/CVE-2022-27230 (7.5)
LTM
https://nvd.nist.gov/vuln/detail/CVE-2022-29491 (7.5)

Cisco ClamAV
https://nvd.nist.gov/vuln/detail/CVE-2022-20770 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2022-20771 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-20785 (7.5)

Microsoft Exchange Server
https://advisories.ncsc.nl/advisory?id=NCSC-2022-0346 (8.2)

Dell Unisphere for PowerMax / Unisphere for PowerMax vApp / Solutions Enabler vApp / Unisphere 360 / VASA Provider vApp / PowerMax Embedded Management
https://www.dell.com/support/kbdoc/nl-nl/000197693/dsa-2022-073-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-embedded-management-security-update-for-multiple-vulnerabilities (7.8)

Microsoft Azure
https://nvd.nist.gov/vuln/detail/CVE-2022-29972 (n/a)

Zoho ManageEngine OPManager
https://nvd.nist.gov/vuln/detail/CVE-2022-29535 (n/a)

Medium

F5 BIG-IP (Various modules)
https://nvd.nist.gov/vuln/detail/CVE-2022-27878 (6.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-28859 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-29473 (5.9)
https://nvd.nist.gov/vuln/detail/CVE-2022-26370 (5.9)
https://nvd.nist.gov/vuln/detail/CVE-2022-26517 (5.9)
https://nvd.nist.gov/vuln/detail/CVE-2022-28706 (5.9)
https://nvd.nist.gov/vuln/detail/CVE-2022-28708 (5.9)
https://nvd.nist.gov/vuln/detail/CVE-2022-26130 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-29480 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-29479 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-27182 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-26835 (4.9)
https://nvd.nist.gov/vuln/detail/CVE-2022-26340 (4.9)
https://nvd.nist.gov/vuln/detail/CVE-2022-1468 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-27659 (4.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-29474 (4.3)
APM
https://nvd.nist.gov/vuln/detail/CVE-2022-27634 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-27636 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-27181 (5.3)
Guided Configuration
https://nvd.nist.gov/vuln/detail/CVE-2022-27878 (6.8)

Sophos Firewall
https://nvd.nist.gov/vuln/detail/CVE-2021-25267 (6.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-0331 (5.3)

HPE Integrated Lights-Out 4
https://nvd.nist.gov/vuln/detail/CVE-2022-23704 (6.5)

F5 NGINX Service Mesh
https://nvd.nist.gov/vuln/detail/CVE-2022-27495 (6.5)

Cisco ClamAV
https://nvd.nist.gov/vuln/detail/CVE-2022-20796 (6.5)

Cisco TelePresence Collaboration Endpoint / Cisco RoomOS
https://nvd.nist.gov/vuln/detail/CVE-2022-20764 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2022-20794 (4.7)

Auth0
https://nvd.nist.gov/vuln/detail/CVE-2022-29172 (6.1)

HPE Nimble Storage Flash Arrays
https://nvd.nist.gov/vuln/detail/CVE-2022-23705 (5.4)

F5 BIG-IQ Centralized Management
https://nvd.nist.gov/vuln/detail/CVE-2022-29479 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-26340 (4.9)

F5 F5OS-A
https://nvd.nist.gov/vuln/detail/CVE-2022-25990 (5.3)

F5 Traffix SDC
https://nvd.nist.gov/vuln/detail/CVE-2022-27662 (4.8)
https://nvd.nist.gov/vuln/detail/CVE-2022-27880 (4.8)

SonicWall SSL-VPN NetExtender Windows Client
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0008 (4.8)

Cisco Small Business RV Series Routers
https://nvd.nist.gov/vuln/detail/CVE-2022-20753 (4.7)
https://nvd.nist.gov/vuln/detail/CVE-2022-20799 (4.7)
https://nvd.nist.gov/vuln/detail/CVE-2022-20801 (4.7)

Cisco SD-WAN vManage Software
https://nvd.nist.gov/vuln/detail/CVE-2022-20734 (4.4)

OpenLDAP
https://nvd.nist.gov/vuln/detail/CVE-2022-29155 (n/a)