Merge branch 'main' into main

docs/advisories/20240123001-VMWare-added-to-CISA-Known-Exploited-Catalog.md

@@ -0,0 +1,26 @@
+# VMWare added to CISA Known Exploited Catalog - 20240123001
+
+## Overview
+
+The vCenter Server contains a known exploited an out-of-bounds write vulnerability in the implementation of the DCERPC (Distributed Computing Environment / Remote Procedure Calls) protocol and a partical information disclosure vulnerabilities. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
+
+## What is vulnerable?
+
+| CVE ID                                                            | Product(s) Affected                                                                                 | Summary                                        | Severity     | CVSS |
+| ----------------------------------------------------------------- | --------------------------------------------------------------------------------------------------- | ---------------------------------------------- | ------------ | ---- |
+| [CVE-2023-34048](https://nvd.nist.gov/vuln/detail/CVE-2023-34048) | VMware vCenter Server **versions before** 8.0, VMware Cloud Foundation **versions before** 5.x, 4.x | An out-of-bounds write vulnerability           | **Critical** | 9.8  |
+| [CVE-2023-34056](https://nvd.nist.gov/vuln/detail/CVE-2023-34056) | VMware vCenter Server **versions before** 8.0, VMware Cloud Foundation **versions before** 5.x, 4.x | A partial information disclosure vulnerability | **Moderate** | 4.3  |
+
+## What has been observed?
+
+CISA added this vulnerability in their [Known Exploited Vulnerabilities](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [VMware security](https://www.vmware.com/security/advisories/VMSA-2023-0023.html)
+
+## Additional References
+
+- [NIST Vulnerability Details ](https://nvd.nist.gov/vuln/detail/CVE-2023-34056)

docs/advisories/20240124001-Splunk-Enterprise-Windows-patch.md

@@ -0,0 +1,25 @@
+# Splunk Enterprise Patches High-Severity Vulnerability - 20240124001
+
+## Overview
+
+Splunk has released information about a High severity vulnerability affecting Splunk Enterprise for Windows.
+
+## What is vulnerable?
+
+| CVE ID                                                            | Product(s) Affected                                              | Summary                                                                                                                                                                                                                                               | Severity | CVSS |
+| ----------------------------------------------------------------- | ---------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ---- |
+| [CVE-2024-23678](https://nvd.nist.gov/vuln/detail/CVE-2024-23678) | Splunk Enterprise for Windows **versions below** 9.0.8 and 9.1.3 | Splunk Enterprise for Windows does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows. | **High** | 7.5  |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- https://advisory.splunk.com/advisories/SVD-2024-0108
+
+## Additional References
+
+- SecurityWeek: https://www.securityweek.com/high-severity-vulnerability-patched-in-splunk-enterprise/

docs/advisories/20240123002-GoAnywhere-MFT-bypass-vulnerability.md → docs/advisories/20240124002-GoAnywhere-MFT-bypass-vulnerability.md

@@ -23,6 +23,6 @@ There is no evidence of vulnerable versions of GoAnywhere affecting Western Aust
 
 ## Recommendation
 
-Upgrade to version 7.4.1 or higher. The vulnerability may also be eliminated in non-container deployments by deleting the InitialAccountSetup.xhtml file in the install directory and restarting the services. For container-deployed instances, replace the file with an empty file and restart. For additional information: https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml
+Upgrade to version 7.4.1 or higher. The vulnerability may also be eliminated in non-container deployments by deleting the InitialAccountSetup.xhtml file in the install directory and restarting the services. For container-deployed instances, replace the file with an empty file and restart. For additional information: [GoAnywhere advisory](https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml)
 
 The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours...* (refer [Patch Management](../guidelines/patch-management.md))

docs/markdown-templates/Advisory-vulnerability.md

@@ -1,4 +1,4 @@
-# \[Advisory Title\] - 2024MMDD00\#
+## \[Advisory Title\] - 2024MMDD000
 
 ## Overview