The bulletin from CERT-FR highlights significant vulnerabilities of the past week, emphasizing their criticality and the importance of analyzing all alerts and advisories to prioritize patching. It stresses the need for action plans for vulnerabilities affecting information systems, directing readers to vendor advisories for patches. The document provides a summary table of critical vulnerabilities from September 16th to September 22nd, including details on affected products, CVE identifiers, CVSS scores, and exploitability status
Additionally, it mentions a critical vulnerability in Gitlab (CVE-2024-45409), others like Veeam Backup and Replication (CVE-2024-40711), and Microsoft Windows (CVE-2024-43461) actively exploited. The bulletin also reports on multiple vulnerabilities including a Cisco Smart Licensing Utility flaw (CVE-2024-20439) with known exploitation attempts, and updates on various advisories issued by CERT-FR during the same period.https://www.cert.ssi.gouv.fr/actualite/CERTFR-2024-ACT-042/