October is traditionally cybersecurity month. Because we all forget to close a hole now and then, we are listing all of this year's vulnerabilities for you once more, so you can tick them off one by one.
This overview contains all vulnerabilities at vendors that public administrations often rely on. Want to stay secure? Then work through the following checklist and get patching!
Vendor | Product | CVE | Description | Link | Patch |
VEEAM | Backup & Replication 11 | CVE-2023-27532 | Vulnerability in Veeam Backup & Replication component that may lead to gaining access to the backup. | https://www.veeam.com/kb4424 | Veeam 11A / 12 |
VMWARE | vCenter 7 / 8 | CVE-2023-20895 | The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. | https://www.vmware.com/security/advisories/VMSA-2023-0014.html | vCenter 8.0 U1B |
CITRIX | Netscaler 13 | CVE-2023-3519 | Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution. | https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467 | 13.0-91.13 / 13.1 |
CITRIX | Collaboration ShareFile | CVE-2023-24489 | A vulnerability has been discovered in the customer-managed ShareFile storage zones controller, if exploited, could allow an attacker to compromise the customer | https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489 | 5.11.24 / 5.11+ |
FORTINET | FortiGuard | CVE-2023-33299 | A deserialization of untrusted data vulnerability in FortiNAC may allow an unauthenticated user to execute unauthorized code or commands | https://www.fortiguard.com/psirt/FG-IR-23-074 | Upgrade tool |
FORTINET | FortiOS 7 | CVE-2023-41841 | An improper authorization vulnerability in FortiOS's WEB UI component may allow an authenticated attacker to perform elevated actions. | https://www.fortiguard.com/psirt/FG-IR-23-318 | Upgrade tool |
BARRACUDA | Email Security Gateway | CVE-2023-2868 | Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability, leading to remote command injection. | https://status.barracuda.com/incidents/34kx82j5n4q9 | NONE |
MICROSOFT | Windows 10 / 11 Server 2022 | CVE-2023-38186 | Windows Mobile Device Management Elevation of Privilege Vulnerability | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38186 | Windows Update Servers KB5029250 |
MICROSOFT | Exchange 2016 Exchange 2019 | CVE-2023-38185 | Microsoft Exchange Server Remote Code Execution Vulnerability | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38185 | Exchange 2016 CU23 |

Published on Monday 23 October 2023 09:00