Kwetsbaarheden - Week 36

13 sep 2023

Het CSIRT-DSP maakt op wekelijkse basis een selectie van kwetsbaarheden, waarbij het CSIRT-DSP de inschatting heeft gemaakt dat deze relevant zijn voor digitale dienstverleners.

Het betreft een selectie van 'Medium' en 'High' kwetsbaarheden. Voor de inschatting hiervan wordt er gebruik gemaakt van de CVSS 3.1 base scores indien deze beschikbaar zijn. Indien deze niet beschikbaar zijn, zal dit worden aangegeven met 'n/a'.

Critical & High

Acronis Cyber Protect Home Office (Windows) / Agent (Windows) / Cyber Protect 15 (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2022-45451 (8.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-41743 (8.8)

Broadcom Brocade Fabric OS
https://nvd.nist.gov/vuln/detail/CVE-2023-3489 (8.6)
https://nvd.nist.gov/vuln/detail/CVE-2023-4162 (4.4)
https://nvd.nist.gov/vuln/detail/CVE-2023-4163 (4.4)

Broadcom SANnav
https://nvd.nist.gov/vuln/detail/CVE-2023-31424 (8.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-31423 (5.7)
https://nvd.nist.gov/vuln/detail/CVE-2023-31925 (5.4)

Acronis Cloud Manager (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2023-41746 (8.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-41748 (8.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-41747 (6.5)

Acronis Agent (macOS) / Cyber Protect 15 (macOS)
https://nvd.nist.gov/vuln/detail/CVE-2023-41744 (7.8)

Juniper Networks Junos OS / Junos OS Evolved
https://nvd.nist.gov/vuln/detail/CVE-2023-4481 (7.5)

VMware Tools
https://nvd.nist.gov/vuln/detail/CVE-2023-20900 (7.5)

Acronis Cyber Protect Home Office (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2022-46869 (7.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-46868 (6.7)

GitLab CE/EE
https://nvd.nist.gov/vuln/detail/CVE-2023-3915 (7.2)
https://nvd.nist.gov/vuln/detail/CVE-2023-3205 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-3210 (6.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-4378 (5.5)
https://nvd.nist.gov/vuln/detail/CVE-2023-4647 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2022-4343 (5.0)
https://nvd.nist.gov/vuln/detail/CVE-2023-4018 (4.3)

Xen
https://xenbits.xenproject.org/xsa/advisory-437.html (n/a)

Medium

Zoho ManageEngine ADSelfService Plus GINA Client
https://nvd.nist.gov/vuln/detail/CVE-2023-35719 (6.8)

SolarWinds Serv-U
https://www.solarwinds.com/trust-center/security-advisories/cve-2023-40… (6.6)

Cisco Emergency Responder / Unified Communications Manager (Unified CM) / Unified Communications Manager Session Management Edition (Unified CM SME) / Unity Connection
https://nvd.nist.gov/vuln/detail/CVE-2023-20266 (6.5)

Acronis Agent (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2023-41751 (6.3)

Acronis Agent (Linux, macOS, Windows) / Cyber Protect 15 (Linux, macOS, Windows)
https://nvd.nist.gov/vuln/detail/CVE-2023-41745 (6.1)
https://nvd.nist.gov/vuln/detail/CVE-2023-41742 (4.3)

GitHub Enterprise Server
https://nvd.nist.gov/vuln/detail/CVE-2023-23763 (5.3)
https://nvd.nist.gov/vuln/detail/CVE-2023-23765 (4.8)

IBM Sterling Secure Proxy
https://nvd.nist.gov/vuln/detail/CVE-2023-29261 (5.1)

IBM Sterling Secure Proxy / Sterling External Authentication Server
https://nvd.nist.gov/vuln/detail/CVE-2023-32338 (5.1)

Acronis Agent (Linux, macOS, Windows)
https://nvd.nist.gov/vuln/detail/CVE-2023-4688 (n/a) (4.4)

Acronis Agent (Windows) / Cyber Protect 15 (Windows)
https://nvd.nist.gov/vuln/detail/CVE-2023-41749 (4.4)