From 1ef0689c8b5320018dce219908c501700e97a293 Mon Sep 17 00:00:00 2001 From: CharlesRN <125233614+CharlesRN@users.noreply.github.com> Date: Thu, 1 Feb 2024 09:21:51 +0800 Subject: [PATCH] New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways - 20240131002 (#492) * Ivanti_advisory * Format markdown files * Update 20240131002-Mitigation-Defend-Agaist-Exploitation-of-Ivanti.md Change CVE to NIST links --------- Co-authored-by: GitHub Actions Co-authored-by: Joshua Hitchen (DGov) <86041569+DGovEnterprise@users.noreply.github.com> --- ...on-Defend-Agaist-Exploitation-of-Ivanti.md | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 docs/advisories/20240131002-Mitigation-Defend-Agaist-Exploitation-of-Ivanti.md diff --git a/docs/advisories/20240131002-Mitigation-Defend-Agaist-Exploitation-of-Ivanti.md b/docs/advisories/20240131002-Mitigation-Defend-Agaist-Exploitation-of-Ivanti.md new file mode 100644 index 00000000..d89cade6 --- /dev/null +++ b/docs/advisories/20240131002-Mitigation-Defend-Agaist-Exploitation-of-Ivanti.md 
@@ -0,0 +1,26 @@ +# New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways - 20240131002 + +## Overview + +CISA has released new mitigations to defend against threat actors exploiting Ivanti Connect Secure and Policy Secure Gateways vulnerabilities in Ivanti devices ([CVE-2023-46805](https://nvd.nist.gov/vuln/detail/CVE-2023-46805) and [CVE-2024-21887](https://nvd.nist.gov/vuln/detail/CVE-2024-21887)). + +## What is vulnerable? + +| Product(s) Affected | Summary | Severity | CVSS | +| ------------------- | ------- | -------- | ---- | +| **ICS 9.1R18** | | **High** | 8.2 | +| **ICS 22.6R2** | | **High** | 8.2 | +| **IPS 9.1R18** | | **High** | 8.2 | +| **IPS 22.6R2** | | **High** | 8.2 | + +## What has been observed? + +There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. + +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)): + +## Additional References + +- [NVD - CVE-2023-46805 (nist.gov)](https://nvd.nist.gov/vuln/detail/CVE-2023-46805)
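Review bot: The Recommendation section ends in a colon with nothing after it, and the advisory never links the CISA mitigations or the vendor instructions it tells administrators to apply. Additional References carries only the CVE-2023-46805 NVD link, although the Overview names CVE-2024-21887 as well. Either follow the colon with the list of actions or end the sentence with a full stop, and add the CISA and vendor links plus the second NVD entry to the references. The Overview describes threat actors exploiting these vulnerabilities, so please also confirm that "within expected timeframe of *one month...*" is the intended patch window, and remove the trailing ellipsis. In the table, the Summary column is empty in all four rows and every row shows 8.2 without saying which of the two CVEs the score belongs to; fill the column with the CVE identifier and a one-line description per row. The file name also spells "Against" as "Agaist", which will persist in the published URL unless it is renamed before merge.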