Vulnerabilities - Week 32

Every week, CSIRT-DSP compiles a selection of vulnerabilities that it has assessed as relevant to digital service providers.

This is a selection of 'Medium' and 'High' vulnerabilities. The assessment uses CVSS 3.1 base scores where these are available. Where they are not available, this is indicated with 'n/a'.

Critical & High

Metabase
https://nvd.nist.gov/vuln/detail/CVE-2023-37470 (10.0)

Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core
https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticat… (10.0)

Dell EMC Enterprise SONiC OS
https://www.dell.com/support/kbdoc/nl-nl/000216586/dsa-2023-284-securit… (9.8)

Dell Networking MX Series Switches
https://www.dell.com/support/kbdoc/nl-nl/000216530/dsa-2023-293-securit… (9.8-9.1)

Dell SmartFabric OS10
https://www.dell.com/support/kbdoc/nl-nl/000216584/dsa-2023-124-securit… (9.8-9.1)

Dell SmartFabric Storage Software
https://www.dell.com/support/kbdoc/nl-nl/000216587/dsa-2023-283-securit… (9.8)

GitLab CE/EE
https://nvd.nist.gov/vuln/detail/CVE-2023-4008 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-3932 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-4002 (6.5)

Microsoft Exchange
https://www.ncsc.nl/actueel/advisory?id=NCSC-2023-0410 (9.8-8.0)

Microsoft Windows
https://www.ncsc.nl/actueel/advisory?id=NCSC-2023-0409 (9.8-5.4)

OX App Suite
https://nvd.nist.gov/vuln/detail/CVE-2023-26443 (9.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-26439 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-26440 (7.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-26451 (7.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-26441 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-26445 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2023-26446 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2023-26447 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2023-26448 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2023-26449 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2023-26450 (5.4)
https://nvd.nist.gov/vuln/detail/CVE-2023-26430 (4.3)

Zoom Desktop Client for Windows
https://nvd.nist.gov/vuln/detail/CVE-2023-39216 (9.6)
https://nvd.nist.gov/vuln/detail/CVE-2023-36534 (9.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-36541 (8.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-36540 (7.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-39209 (5.9)

Zoom Desktop Client for Windows / VDI Client
https://nvd.nist.gov/vuln/detail/CVE-2023-39213 (9.6)

Zoom Desktop Client for Windows / Rooms for Windows
https://nvd.nist.gov/vuln/detail/CVE-2023-39211 (8.8)

Zoom Rooms for Windows
https://nvd.nist.gov/vuln/detail/CVE-2023-39212 (7.9)

F5 BIG-IP APM Edge Client Installer (macOS)
https://nvd.nist.gov/vuln/detail/CVE-2023-38418 (7.8)

Zoom SDK
https://nvd.nist.gov/vuln/detail/CVE-2023-39214 (7.6)
https://nvd.nist.gov/vuln/detail/CVE-2023-36533 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-39210 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-39217 (5.3)

Dell XtremIO X2 XMS
https://nvd.nist.gov/vuln/detail/CVE-2022-34453 (7.1)

Zoom all clients
https://nvd.nist.gov/vuln/detail/CVE-2023-36535 (7.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-39218 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-36532 (5.9)

Microsoft Azure
https://www.ncsc.nl/actueel/advisory?id=NCSC-2023-0413 (7.0-4.5)

Zoho ManageEngine ADManager Plus
https://nvd.nist.gov/vuln/detail/CVE-2023-38332 (high)

Citrix Hypervisor / XenServer / Xen
https://support.citrix.com/article/CTX569353/citrix-hypervisor-security… (n/a)

NoMachine Free Edition / Enterprise Client (macOS)
https://nvd.nist.gov/vuln/detail/CVE-2023-39107 (n/a)

Zoho ManageEngine ADAudit Plus
https://nvd.nist.gov/vuln/detail/CVE-2023-32783 (n/a)

Medium

QEMU
https://nvd.nist.gov/vuln/detail/CVE-2023-3180 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-4135 (6.0)

Fortinet FortiOS
https://www.fortiguard.com/psirt/FG-IR-23-149 (6.4)

Dell SupportAssist for Business
https://www.dell.com/support/kbdoc/nl-nl/000216574/security-update-for-… (6.3)

F5 BIG-IP TMUI/Configuration utility
https://nvd.nist.gov/vuln/detail/CVE-2023-38138 (6.1)

F5 BIG-IP Cavium Nitrox FIPS HSM card
https://nvd.nist.gov/vuln/detail/CVE-2023-3470 (6.1)

Fujitsu Software Infrastructure Manager (ISM)
https://nvd.nist.gov/vuln/detail/CVE-2023-39379 (5.9)
https://nvd.nist.gov/vuln/detail/CVE-2023-39903 (5.9)

Cisco Secure Web Appliance
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (5.8)

F5 BIG-IP APM Edge Client (Windows / macOS)
https://nvd.nist.gov/vuln/detail/CVE-2023-36858 (5.5)

F5 BIG-IP Configuration utility
https://nvd.nist.gov/vuln/detail/CVE-2023-38423 (5.4)

Cisco BroadWorks CommPilot Application Software
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAd… (5.4)

VMware Horizon Server
https://www.vmware.com/security/advisories/VMSA-2023-0017.html (5.3)

F5 F5OS-A
https://nvd.nist.gov/vuln/detail/CVE-2023-36494 (4.4)

F5 BIG-IP / BIG-IQ Centralized Management iControl SOAP
https://nvd.nist.gov/vuln/detail/CVE-2023-38419 (4.3)

Zoho ManageEngine Network Configuration Manager
https://nvd.nist.gov/vuln/detail/CVE-2023-29505 (4.3)