forked from wagov/wasocshared
Commit
Showing 15 changed files with 347 additions and 6 deletions.
docs/advisories/20241018001-Oracle-Quarterly-Critical-Patch+copy.md (22 changes: 22 additions & 0 deletions)
@@ -0,0 +1,22 @@ | ||
# Oracle Publishes Quarterly Critical Patch Advisory - 20241018001 | ||
|
||
## Overview | ||
|
||
Oracle released its quarterly Critical Patch Update Advisory for October 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Summary | | ||
| ------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | | ||
| [Vendor list of affected products and versions](https://www.oracle.com/security-alerts/cpuoct2024.html) | These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month.* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- Oracle - July Advisory: <https://www.oracle.com/security-alerts/cpuoct2024.html> | ||
- Oracle - Complete list of Security Alerts: <https://www.oracle.com/security-alerts/> |
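Review bot: the label on the last list line, "Oracle - July Advisory", does not match its link, which points to cpuoct2024.html, the October 2024 Critical Patch Update named in the Overview; rename it "Oracle - October Advisory". The file name docs/advisories/20241018001-Oracle-Quarterly-Critical-Patch+copy.md also looks like an accidental duplicate (the "+copy" suffix); confirm it is not a second copy of an existing advisory before merging. Minor: in the Recommendation sentence the full stop sits inside the italics ("*one month.*") ahead of the parenthetical and the closing colon; drop it.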
docs/advisories/20241021001-Trend-Releases-Critical-Update.md (25 changes: 25 additions & 0 deletions)
@@ -0,0 +1,25 @@ | ||
# Trend Releases Critical Update - 20241021001 | ||
|
||
## Overview | ||
|
||
Trend Micro has released updates to address a critical command injection vulnerability in the Cloud Edge appliance. This vulnerability could allow a threat actor to execute Remote Code on affected devices without authentication. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Version(s) | CVE # | CVSS v4/v3 | Severity | | ||
| ------------------- | ----------------------------------------------- | ----------------------------------------------------------------- | ---------- | -------- | | ||
| Cloud Edge | - 5.6SP2 \< build 3228 <br> - 7.0 \< build 1081 | [CVE-2024-48904](https://nvd.nist.gov/vuln/detail/CVE-2024-48904) | 9.8 | Critical | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- Trend Micro: <https://success.trendmicro.com/en-US/solution/KA-0017998> | ||
|
||
## Additional References | ||
|
||
- Cybersecurity News: <https://securityonline.info/cve-2024-48904-cvss-9-8-critical-command-injection-vulnerability-in-trend-micro-cloud-edge/> |
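Review bot: the table header "CVSS v4/v3" gives a single score (9.8) without saying which scoring version it belongs to; either show both scores or name the version used. In the Overview, "execute Remote Code" should read "execute remote code" (or "achieve remote code execution"). The timeframe "*48 hours...*" carries a trailing ellipsis inside the italics that other advisories in this commit omit (the Grafana file uses "*48 hours*"); use the plain form.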
@@ -0,0 +1,23 @@ | ||
# Grafana Releases Critical Update - 20241021002 | ||
|
||
## Overview | ||
|
||
The WA SOC has been made aware of a critical vulnerability in Grafana's SQL Expressions experimental feature where insufficient query sanitisation could lead to command injection and local file inclusion from any user with VIEWER or higher permissions. | ||
|
||
The 'duckdb' binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Version(s) | CVE | CVSS | Severity | | ||
| ------------------- | ------------------------------------------------------------------------------------------------ | --------------------------------------------------------------- | ---- | ------------ | | ||
| Grafana | - 11.0 \< 11.0.5+security-01 <br> - 11.1 \< 11.1.6+security-01 <br> - 11.2 \< 11.2.1+security-01 | [CVE-2024-9264](https://nvd.nist.gov/vuln/detail/CVE-2024-9264) | 9.9 | **Critical** | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- Grafana: <https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264/> |
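Review bot: the Overview states that the attack only works when the duckdb binary is present on Grafana's $PATH and that it is not installed by default, but the Recommendation does not act on that; add a line asking administrators to check whether duckdb is present on their Grafana hosts so they can prioritise instances that are actually exposed while the 48-hour patch window runs. Also worth stating in the Overview that the feature is experimental and therefore not enabled on every deployment, since that changes which instances are vulnerable.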
@@ -0,0 +1,22 @@ | ||
# CISA Releases New ICS Advisories - 20241021003 | ||
|
||
## Overview | ||
|
||
CISA has released multiple advisories for Industrial Control Systems (ICS) related vendors. | ||
|
||
## What is vulnerable? | ||
|
||
| Vendor | Advisory | | ||
| ------------------- | -------------------------------------------------------------------------------- | | ||
| Siemens | [ICSA-24-289-01](https://www.cisa.gov/news-events/ics-advisories/icsa-24-289-01) | | ||
| Schneider Electric | [ICSA-24-289-02](https://www.cisa.gov/news-events/ics-advisories/icsa-24-289-02) | | ||
| LCDS | [ICSA-24-291-02](https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-02) | | ||
| Mitsubishi Electric | [ICSA-24-291-03](https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-03) | | ||
| HMS Networks | [ICSA-24-291-04](https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-04) | | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators review relevant advisories and apply the recommended actions to all affected devices. | ||
|
||
- CISA Advisory 2024-10-15: <https://www.cisa.gov/news-events/alerts/2024/10/15/cisa-releases-two-industrial-control-systems-advisories> | ||
- CISA Advisory 2024-10-17: <https://www.cisa.gov/news-events/alerts/2024/10/17/cisa-releases-seven-industrial-control-systems-advisories> |
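Review bot: the table lists five advisories, but the two CISA alerts linked under Recommendation are titled "two" and "seven" ICS advisories (nine in total); either list all nine or say in the Overview that the table is a selection of those relevant to WA Government. The "What has been observed?" section present in the other advisories in this commit is also missing here.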
docs/advisories/20241024001-Fortinet-Critical-Vulnerabilities.md (35 changes: 35 additions & 0 deletions)
@@ -0,0 +1,35 @@ | ||
# Fortinet FortiManager Critical Vulnerability - 20241024001 | ||
|
||
## Overview | ||
|
||
The WA SOC has been made aware of a critical vulnerability in Fortinet FortiManager devices that is currently being actively exploited. A missing authentication for critical function vulnerability in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. | ||
|
||
**Reports have shown this vulnerability has been seen to be exploited in the wild** | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Affected Version(s) | CVE | CVSS | Severity | | ||
| ------------------- | ---------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | ---- | -------- | | ||
| FortiManager | 7.6 - 7.6.0 <br> 7.4 - 7.4.4 <br> 7.2 - 7.2.7 <br> 7.0 - 7.0.12 <br> 6.4 - 6.4.14 <br> 6.2 - 6.2.12 | [CVE-2024-47575](https://nvd.nist.gov/vuln/detail/CVE-2024-47575) | 9.8 | Critical | | ||
| Fortimanager Cloud | 7.4.1 - 7.4.4 <br> 7.2.1 - 7.2.7 <br> 7.0.1 - 7.0.12 <br> all versions 6.4.x | [CVE-2024-47575](https://nvd.nist.gov/vuln/detail/CVE-2024-47575) | 9.8 | Critical | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
Fortinet has updated their security advisory addressing this vulnerability to include additional workarounds and indicators of compromise (IOCs). | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- Fortinet: <https://www.fortiguard.com/psirt/FG-IR-24-423> | ||
|
||
## Other Information | ||
|
||
- ACSC: <https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/vulnerability-in-fortinets-fortimanager> | ||
|
||
### Change Log | ||
|
||
- 2024-10-24: Advisory initial creation. | ||
- 2024-10-31: Update "What has been observed" with new information from vendor. Update "What is vulnerable" version information. |
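Review bot: the product name in the second table row, "Fortimanager Cloud", is inconsistent with "FortiManager" in the first row; use "FortiManager Cloud". The bold line "Reports have shown this vulnerability has been seen to be exploited in the wild" repeats the Overview's "currently being actively exploited" and reads awkwardly; keep a single statement. The version ranges such as "7.6 - 7.6.0" are ambiguous about whether a single release or a range is meant; use the wording of the vendor advisory linked below. The heading "Other Information" differs from the "Additional References" heading used in the other advisories in this commit; align it.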
docs/advisories/20241024002-Microsoft-Sharepoint-Server-Vulnerability.md (29 changes: 29 additions & 0 deletions)
@@ -0,0 +1,29 @@ | ||
# Microsoft SharePoint Vulnerability Added in CISA Known Exploits - 20241024002 | ||
|
||
## Overview | ||
|
||
The WA SOC has been made aware of a vulnerability in Microsoft SharePoint deserialisation that allows remote code execution. A threat actor with Site Owner access could use this vulnerability to inject and execute arbitrary code within SharePoint Server. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) | Versions | CVE # | Severity | CVSS | | ||
| ----------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------- | -------- | ---- | | ||
| **Microsoft SharePoint Enterprise Server 2016**<br>**Microsoft SharePoint Server 2019**<br>**Microsoft SharePoint Server Subscription Edition** | 16.0.0 \< 16.0.5456.1000 <br> 16.0.0 \< 16.0.10412.20001 <br>16.0.0 \< 16.0.17328.20424 | [CVE-2024-38094](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094) | **High** | 7.2 | | ||
| | | | | | | ||
|
||
## What has been observed? | ||
|
||
There are currently no reports of these vulnerabilities being exploited in the wild at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- SharePoint Server 2024 <https://support.microsoft.com/help/5002606> | ||
- SharePoint Server 2019 <https://support.microsoft.com/help/5002615> | ||
- SharePoint Server 2016 <https://support.microsoft.com/help/5002618> | ||
|
||
## Additional References | ||
|
||
- CISA: <https://www.cisa.gov/news-events/alerts/2024/10/22/cisa-adds-one-known-exploited-vulnerability-catalog> | ||
- Thehackernews: <https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-of.html> |
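Review bot: the "What has been observed?" section says "There are currently no reports of these vulnerabilities being exploited in the wild", which contradicts the title (added to CISA's Known Exploited Vulnerabilities catalog) and the linked article "CISA warns of active exploitation"; reword it to separate the public exploitation reports from the absence of evidence on WA Government networks, as the other advisories do, and use the singular since one CVE is listed. The first Recommendation bullet, "SharePoint Server 2024", matches none of the three products in the table (2016, 2019, Subscription Edition); check the label against the linked KB. The empty trailing table row (`| | | | | |`) should be deleted.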
docs/advisories/20241025001-Cisco-Critical-Vulnerabilities.md (29 changes: 29 additions & 0 deletions)
@@ -0,0 +1,29 @@ | ||
# Cisco Addresses Critical Vulnerabilities - 20241025001 | ||
|
||
## Overview | ||
|
||
The WA SOC has been made aware to critical vulnerabilities affecting Cisco systems that could enable an authenticated remote attacker to execute operating system commands with root privileges. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Version(s) | CVE | CVSS | Severity | | ||
| --------------------------------------------- | -------------------------- | ----------------------------------------------------------------- | ---- | ------------ | | ||
| Cisco Secure Firewall Management Center (FMC) | all versions \<= 7.4.2 | [CVE-2024-20424](https://nvd.nist.gov/vuln/detail/CVE-2024-20424) | 9.9 | **Critical** | | ||
| Cisco Adaptive Security Appliance (ASA) | all versions \<= 9.18.3.56 | [CVE-2024-20329](https://nvd.nist.gov/vuln/detail/CVE-2024-20329) | 9.9 | **Critical** | | ||
| Cisco Firepower Threat Defense (FTD) | all versions \<= 7.4.1.1 | [CVE-2024-20412](https://nvd.nist.gov/vuln/detail/CVE-2024-20412) | 9.3 | **Critical** | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- Cisco advisory CVE-2024-20424: <https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-rce-gRAuPEUF> | ||
- Cisco advisory CVE-2024-20329: <https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7> | ||
- Cisco advisory CVE-2024-20412: <https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5> | ||
|
||
## Additional References | ||
|
||
- Security Affairs article: <https://securityaffairs.com/170203/breaking-news/cisco-fixed-tens-of-vulnerabilities-including-actively-exploited-one.html> |
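Review bot: the Recommendation links appear to be mislabelled: "Cisco advisory CVE-2024-20424" points to cisco-sa-asa-ssh-rce-gRAuPEUF, while the table maps CVE-2024-20424 to Secure Firewall Management Center (FMC), and "Cisco advisory CVE-2024-20329" points to cisco-sa-fmc-cmd-inj-v3AWDqN7, while the table maps CVE-2024-20329 to ASA; swap the two labels (or the two URLs) after confirming against the Cisco advisories. Grammar: "made aware to critical vulnerabilities" should be "made aware of". The Overview summarises all three issues as an authenticated remote attacker running OS commands as root; the third advisory slug (ftd-statcred) suggests a different issue class, so confirm the summary applies to CVE-2024-20412 or describe it separately.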
@@ -0,0 +1,20 @@ | ||
# CISA Releases New ICS Advisories - 20241025002 | ||
|
||
## Overview | ||
|
||
CISA has released multiple advisories for Industrial Control Systems (ICS) related vendors. | ||
|
||
## What is vulnerable? | ||
|
||
| Vendor | | ||
| -------------------- | | ||
| VIMESA | | ||
| iniNet Solutions | | ||
| Deep Sea Electronics | | ||
| OMNTEC Mfg., Inc. | | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators review relevant advisories and apply the recommended actions to all affected devices. | ||
|
||
- CISA: <https://www.cisa.gov/news-events/alerts/2024/10/24/cisa-releases-four-industrial-control-systems-advisories> |
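Review bot: the "What is vulnerable?" table lists vendor names only, without the advisory identifiers and links that the 20241021003 ICS advisory in this commit provides; add an Advisory column linking each vendor to its ICSA entry so readers do not have to search the CISA alert. The "What has been observed?" section used in the other advisories is also absent.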
@@ -0,0 +1,16 @@ | ||
# New ICS Advisories - 20241028001 | ||
|
||
## Overview | ||
|
||
Rockwell and Siemens have released advisories for critical vulnerabilities in their Industrial Control Systems (ICS) products. | ||
|
||
## What is vulnerable? | ||
|
||
| Vendor | Advisory | | ||
| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | | ||
| Rockwell Automation | [SD 1708 - ThinManager Multiple Vulnerabilities](https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html) | | ||
| Siemens | [SSA-333468: Multiple Vulnerabilities in InterMesh Subscriber Devices](https://cert-portal.siemens.com/productcert/html/ssa-333468.html) | | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators review relevant advisories and apply the recommended actions to all affected devices. |
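Review bot: the advisory ends at the Recommendation sentence with no "What has been observed?" section, unlike the other advisories in this commit; add it for consistency. The Overview calls these "critical vulnerabilities" but the table has no CVE, CVSS or Severity columns; either add them or cite the severity given in the two linked vendor advisories so the claim is supported in the file.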
docs/advisories/20241029001-Progress-WhatsUp-Critical-Update.md (25 changes: 25 additions & 0 deletions)
@@ -0,0 +1,25 @@ | ||
# Progress WhatsUp Critical Update - 20241029001 | ||
|
||
## Overview | ||
|
||
The WA SOC has been made aware about a critical vulnerability in certain WhatsUp Gold versions, having an Authentication Bypass issue which allows an attacker to obtain encrypted user credentials. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Version(s) | CVE | CVSS | Severity | | ||
| ------------------- | ---------------------------- | --------------------------------------------------------------- | ---- | ------------ | | ||
| WhatsUp Gold | All versions before 2024.0.0 | [CVE-2024-7763](https://nvd.nist.gov/vuln/detail/CVE-2024-7763) | 9.8 | **Critical** | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- Progress: <https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024> | ||
|
||
## Additional References | ||
|
||
- SecurityOnline: <https://securityonline.info/whatsup-gold-users-beware-critical-authentication-bypass-flaw-exposed-cve-2024-7763-cvss-9-8/> |
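Review bot: the Overview sentence is ungrammatical ("made aware about a critical vulnerability in certain WhatsUp Gold versions, having an Authentication Bypass issue which allows"); suggest "The WA SOC has been made aware of a critical authentication bypass vulnerability in certain WhatsUp Gold versions that allows an attacker to obtain encrypted user credentials." The Recommendation links the August 2024 security bulletin for an advisory dated 2024-10-29; confirm there is no newer bulletin, and if the advisory is being raised now because of new public detail, say so in the Overview.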
@@ -0,0 +1,26 @@ | ||
# Apple Critical Update - 20241030001 | ||
|
||
## Overview | ||
|
||
Apple has released updates for multiple products. The WA SOC has been made aware of some vulnerabilities being classified as critical. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Version(s) | CVE | CVSS | Severity | | ||
| ------------------- | -------------------- | ----------------------------------------------------------------- | ---- | ------------ | | ||
| iOS and iPadOS | all versions \< 18.1 | [CVE-2024-40867](https://nvd.nist.gov/vuln/detail/CVE-2024-40867) | 9.6 | **Critical** | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- Apple October iOS and iPadOS 18.1 Release Notes: <https://support.apple.com/en-us/121563> | ||
- Apple Security Realses Overview: <https://support.apple.com/en-us/100100> | ||
|
||
## Additional References | ||
|
||
- SecurityOnline article: <https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-apple-products-could-allow-for-arbitrary-code-execution_2024-121> |
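Review bot: the second Recommendation bullet has a typo, "Security Realses" should be "Security Releases". The Additional References bullet is labelled "SecurityOnline article" but its URL is on cisecurity.org; relabel it to match the source (for example "CIS advisory"). The Overview says "some vulnerabilities being classified as critical" while the table lists a single CVE; either list the others or narrow the Overview to the one shown.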
@@ -0,0 +1,25 @@ | ||
# QNAP Zero-Day Vulnerability - 20241030002 | ||
|
||
## Overview | ||
|
||
An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Version(s) | CVE | CVSS | Severity | | ||
| ------------------------ | ------------------ | ----------------------------------------------------------------- | ---- | ------------ | | ||
| HBS 3 Hybrid Backup Sync | 25.1 \< 25.1.1.673 | [CVE-2024-50388](https://nvd.nist.gov/vuln/detail/CVE-2024-50388) | TBA | **Critical** | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- QNAP: <https://www.qnap.com/en-us/security-advisory/qsa-24-41> | ||
|
||
## Additional References | ||
|
||
- Tenable: <https://www.tenable.com/cve/CVE-2024-50388> |
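Review bot: the table gives CVSS "TBA" alongside Severity "Critical"; a severity without a score needs its source stated (for example the vendor's own rating), otherwise both fields should be TBA until a score is published. The title calls this a "Zero-Day", but neither the Overview nor the "What has been observed?" section mentions exploitation before a fix was available; either state the basis for "zero-day" in the Overview or drop it from the title. The timeframe "*48 hours...*" should lose the trailing ellipsis, as in the other advisories.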