forked from wagov/wasocshared
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 64 changed files with 471 additions and 772 deletions.
26 changes: 26 additions & 0 deletions
docs/advisories/20240131002-Mitigation-Defend-Agaist-Exploitation-of-Ivanti.md
@@ -0,0 +1,26 @@ | ||
# New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways - 20240131002 | ||
|
||
## Overview | ||
|
||
CISA has released new mitigations to defend against threat actors exploiting Ivanti Connect Secure and Policy Secure Gateways vulnerabilities in Ivanti devices ([CVE-2023-46805](https://nvd.nist.gov/vuln/detail/CVE-2023-46805) and [CVE-2024-21887](https://nvd.nist.gov/vuln/detail/CVE-2024-21887)). | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Summary | Severity | CVSS | | ||
| ------------------- | ------- | -------- | ---- | | ||
| **ICS 9.1R18** | | **High** | 8.2 | | ||
| **ICS 22.6R2** | | **High** | 8.2 | | ||
| **IPS 9.1R18** | | **High** | 8.2 | | ||
| **IPS 22.6R2** | | **High** | 8.2 | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
## Additional References | ||
|
||
- [NVD - CVE-2023-46805 (nist.gov)](https://nvd.nist.gov/vuln/detail/CVE-2023-46805) |
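Review bot: the Summary column of the "What is vulnerable?" table is empty for all four rows, and the Recommendation paragraph ends in a colon with nothing after it, so the reader is never told what the CISA mitigations are or where to find them. Suggest filling the Summary cells, adding the CISA mitigation link under Recommendation, and adding `- [NVD - CVE-2024-21887 (nist.gov)](https://nvd.nist.gov/vuln/detail/CVE-2024-21887)` to Additional References, which currently lists only the first of the two CVEs named in the Overview. The `*one month...*` timeframe also sits oddly beside an Overview that describes threat actors actively exploiting these devices; the other advisories in this commit use *48 Hours* for exploited vulnerabilities.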
28 changes: 28 additions & 0 deletions
docs/advisories/20240202001-CISA-Known-Exploited-Vulnerabilities.md
@@ -0,0 +1,28 @@ | ||
# CISA Known Exploited Catalog - 20240202001 | ||
|
||
## Overview | ||
|
||
Apple have released a critical security advisory relating to Type Confusion Vulnerability impacting multiple apple products. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | CVE | Severity | CVSS | | ||
| ------------------------------------------------------ | ----------------------------------------------------------------- | -------- | ---- | | ||
| Apple macOS **Versions** before 14.3, 13.6, 12.7 | [CVE-2024-23222](https://nvd.nist.gov/vuln/detail/CVE-2024-23222) | **High** | 8.8 | | ||
| Apple iOS and iPadOS **Versions** before 17.3 and 16.7 | | | | | ||
| Apple tvOS **Versions** before 17.3 | | | | | ||
| Apple safari **Versions** before 17.3 | | | | | ||
|
||
## What has been observed? | ||
|
||
CISA added this vulnerability in their [Known Exploited Vulnerabilities](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- [NIST CVE-2024-23222](https://nvd.nist.gov/vuln/detail/CVE-2024-23222) | ||
|
||
### Additional Resources | ||
|
||
-[CISA Known Exploited Vulnerabilities](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) |
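Review bot: the last line `-[CISA Known Exploited Vulnerabilities](...)` is missing the space after the hyphen, so Markdown renders it as a paragraph beginning with a literal dash rather than a list item; change it to `- [CISA Known Exploited Vulnerabilities](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)`. The Overview should read "Apple has released", and "apple products" and "Apple safari" should be capitalised; the heading `### Additional Resources` is one level lower and differently named than the `## Additional References` used by the neighbouring advisories. The CVE, Severity and CVSS cells are filled only on the macOS row; if CVE-2024-23222 applies to all four product rows, say so or repeat the values, otherwise a reader may take the other rows as unrated.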
32 changes: 32 additions & 0 deletions
docs/advisories/20240202002-Docker-Container-Vulnerabilities.md
@@ -0,0 +1,32 @@ | ||
# Docker Container Runtime Component Vulnerabilities - 20240202002 | ||
|
||
## Overview | ||
|
||
An attacker could use the core container infrastructure components of docker containers to escape the container and gain unauthorized access to the underlying host operating system from within the container. | ||
|
||
## What is vulnerable? | ||
|
||
| Component(s) Affected | CVE | Severity | CVSS | | ||
| -------------------------- | ----------------------------------------------------------------- | ------------ | ---- | | ||
| OCI runc | [CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | **High** | 8.6 | | ||
| Buildkit Mount | [CVE-2024-23653](https://nvd.nist.gov/vuln/detail/CVE-2024-23651) | **High** | 8.7 | | ||
| Buildkit GRPC SecurityMode | [CVE-2024-23653](https://nvd.nist.gov/vuln/detail/CVE-2024-23653) | **Critical** | 10.0 | | ||
| BuildKit Buildtime | [CVE-2024-23652](https://nvd.nist.gov/vuln/detail/CVE-2024-23652) | **Critical** | 9.8 | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
You will likely need to update your Docker daemons and Kubernetes deployments, as well as any container build tools that you use in CI/CD pipelines, on build servers, and on your developers' workstations | ||
|
||
- [Runc 1.1.12](https://github.com/opencontainers/runc/releases/tag/v1.1.12) - Fix for CVE-2024-21626 | ||
- [Docker buildkit Release 0.12.5](https://www.docker.com/blog/docker-security-advisory-multiple-vulnerabilities-in-runc-buildkit-and-moby/) - Fix for CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653 | ||
|
||
### Additional Resources | ||
|
||
- [Moby and Open Container Vulenrabilities - CISA](https://www.cisa.gov/news-events/alerts/2024/02/01/moby-and-open-container-initiative-release-critical-updates-multiple-vulnerabilities-affecting) | ||
- [Synk "leaky vessels" report](https://snyk.io/blog/leaky-vessels-docker-runc-container-breakout-vulnerabilities/) |
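Review bot: the Buildkit Mount row links `https://nvd.nist.gov/vuln/detail/CVE-2024-23651` but labels it CVE-2024-23653, the same ID as the GRPC SecurityMode row below it; the buildkit fix line lists 23651, 23652 and 23653 as three distinct issues, so the label should be `[CVE-2024-23651](https://nvd.nist.gov/vuln/detail/CVE-2024-23651)`. In Additional Resources, "Vulenrabilities" should be "Vulnerabilities" and "Synk" should be "Snyk", and the sentence beginning "You will likely need to update your Docker daemons" has no terminating full stop.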
23 changes: 23 additions & 0 deletions
docs/advisories/20240202003-Microsoft-Edge-Security-Update.md
@@ -0,0 +1,23 @@ | ||
# Microsoft Edge Security Updates - 20240202003 | ||
|
||
## Overview | ||
|
||
Microsoft has released security updates to address vulnerabilities in Microsoft Edge (Chromium-based)remote code execution [CVE-2024-21399](https://www.cve.org/CVERecord?id=CVE-2024-21399). Threat actor could exploit one of these vulnerabilities to obtain sensitive information. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Severity | CVSS | | ||
| -------------------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| **Microsoft Edge 121.0.2277.98** | **High** | [8.3](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2024-21399&vector=AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H&version=3.1&source=Microsoft%20Corporation) | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
## Additional References | ||
|
||
- [Microsoft Security Updates](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21399) |
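Review bot: the Overview is internally inconsistent: it names CVE-2024-21399 as remote code execution and then says a threat actor could exploit it "to obtain sensitive information", and it is missing a space in "(Chromium-based)remote code execution"; suggest one sentence stating the actual impact. The table lists "Microsoft Edge 121.0.2277.98" as the affected product without saying whether that is the vulnerable build or the fixed one; the Chrome advisory in this same commit uses "Versions Prior to:", and the same form here would remove the ambiguity. The Recommendation paragraph ends in a colon with nothing following it before the next heading.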
21 changes: 21 additions & 0 deletions
docs/advisories/20240205001-Juniper-Networks-Security-Advisory.md
@@ -0,0 +1,21 @@ | ||
# Juniper Networks Security Advisory - 20240205001 | ||
|
||
## Overview | ||
|
||
Juniper Networks released a security bulletin to address multiple vulnerabilities affecting Juniper Secure Analytics optional applications. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Severity | CVSS | | ||
| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---- | | ||
| Juniper Secure Analytics (JSA) Applications <br />- Log Collector **versions before** v1.8.4 <br />- SOAR Plugin App **versions before** 5.3.1 <br />- Deployment Intelligence App **versions before** 3.0.12 <br />- User Behavior Analytics Application add-on **versions before** 4.1.14 | **Critical** | 9.1 | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- [Juniper Support Portal](https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-JSA-Series-Multiple-vulnerabilities-resolved-in-JSA-Applications?language=en_US) |
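Review bot: the table rates the issue Critical with CVSS 9.1 but no CVE identifier appears anywhere in the advisory, whereas the other advisories in this commit carry a CVE column or link; add the CVE(s) from the Juniper bulletin so readers can match the issue in their scanners. Minor: the four affected applications are packed into a single cell with `<br />` separators, which is hard to read; one row per application with its own "versions before" value would be clearer.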
22 changes: 22 additions & 0 deletions
docs/advisories/20240205002-Google-Chrome-Security-Updates.md
@@ -0,0 +1,22 @@ | ||
# Google Chrome Security Updates - 20240205002 | ||
|
||
## Overview | ||
|
||
Google has released new updates for Google Chrome to address a Use-After-Free in Network vulnerability which could allow a threat actor to potentially exploit heap corruption via a malicious file. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Summary | Severity | CVSS | | ||
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------- | -------- | ---- | | ||
| **Google Chrome** <br /> Versions Prior to: 121.0.6167.139 | This vulnerability could allow a remote attacker to potentially exploit heap corruption via a malicious file. | **NA** | N.A | | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- [Chrome Releases: Stable Channel Update for Desktop (googleblog.com)](https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html) | ||
|
||
## Additional References | ||
|
||
- [NVD - CVE-2024-1077 (nist.gov)](https://nvd.nist.gov/vuln/detail/CVE-2024-1077) | ||
- [CVE-2024-1077 - Security Update Guide - Microsoft - Chromium: CVE-2024-1077 Use after free in Network](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-1077) |
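Review bot: the Severity and CVSS cells read "NA" and "N.A" although the advisory links the NVD record for CVE-2024-1077 under Additional References; either fill them from that record or state that no score had been published at the time of writing. This is also the only advisory in the commit without a "What has been observed?" section, and the Summary cell repeats the Overview sentence word for word rather than adding anything. The CVE ID should appear in the table or the Overview, not only in the references.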
21 changes: 21 additions & 0 deletions
...dvisories/20240207001-CISA-Adds-One-Known-Exploited-Vulnerability-to-Catalog.md
@@ -0,0 +1,21 @@ | ||
# CISA Adds One Known Exploited Vulnerability to Catalog - 20240207001 | ||
|
||
## Overview | ||
|
||
Google Chrome have released a high security advisory relating to a Type Confusion vulnerability impacting in V8 in Google Chrome. | ||
|
||
## What is vulnerable? | ||
|
||
| CVE ID | Product(s) Affected | Severity | CVSS | | ||
| --------------------------------------------------------------- | ------------------------------------------------ | -------- | ---- | | ||
| [CVE-2023-4762](https://nvd.nist.gov/vuln/detail/CVE-2023-4762) | Google Chrome **versions before** 116.0.5845.179 | **High** | 8.8 | | ||
|
||
## What has been observed? | ||
|
||
CISA added this vulnerability in their [Known Exploited Vulnerabilities](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- [CISA Known Exploited Vulnerability](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) |
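Review bot: "Google Chrome have released a high security advisory relating to a Type Confusion vulnerability impacting in V8 in Google Chrome" reads awkwardly; suggest "Google has released a security advisory for a high-severity Type Confusion vulnerability in V8 in Google Chrome". The Recommendation tells administrators to apply the vendor solution, but the only link under it is the CISA KEV catalog; add the Chrome release note or the NVD entry for CVE-2023-4762 so the fix itself is reachable from the advisory.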
29 changes: 29 additions & 0 deletions
docs/advisories/20240207002-Critical-Android-Security-Advisory.md
@@ -0,0 +1,29 @@ | ||
# Critical Android Security Advisory - 20240207002 | ||
|
||
## Overview | ||
|
||
The Android Security Advisory releases details of a High security vulnerabilities affecting Android devices. The vulnerability could lead to remote code execution with no additional execution privileges needed. | ||
|
||
## What is vulnerable? | ||
|
||
[2024-02-01 security patch level vulnerability details](https://source.android.com/docs/security/bulletin/2024-02-01#2024-02-01-security-patch-level-vulnerability-details) | ||
|
||
| Product(s)Affected | Severity | | ||
| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | | ||
| - [Framework](https://source.android.com/docs/security/bulletin/2024-02-01#framework) <br />- [System](https://source.android.com/docs/security/bulletin/2024-02-01#system) | **High** | | ||
|
||
[2024-02-05 security patch level vulnerability details](https://source.android.com/docs/security/bulletin/2024-02-01#2024-02-05-security-patch-level-vulnerability-details) | ||
|
||
| Product(s)Affected | Severity | | ||
| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | | ||
| - [Arm components](https://source.android.com/docs/security/bulletin/2024-02-01#arm-components) <br />- [MediaTek components](https://source.android.com/docs/security/bulletin/2024-02-01#mediatek-components) <br />- [Unisoc components](https://source.android.com/docs/security/bulletin/2024-02-01#unisoc-components)<br />- [Qualcomm components](https://source.android.com/docs/security/bulletin/2024-02-01#qualcomm-components) <br />- [Qualcomm closed-source components](https://source.android.com/docs/security/bulletin/2024-02-01#qualcomm-closed-source) | **High** | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- [Android Bulletin February 2024](https://source.android.com/docs/security/bulletin/2024-02-01) |
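Review bot: the title says "Critical Android Security Advisory" but every table row is rated High and the Overview itself speaks of "High security vulnerabilities"; align the title with the rated severity or name the item that is Critical. "releases details of a High security vulnerabilities" mixes singular and plural (suggest "has released details of high-severity vulnerabilities"), and both table headers read "Product(s)Affected" without the space used in the other advisories.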
26 changes: 26 additions & 0 deletions
docs/advisories/20240208001-Linux-Shim-Loader-RCE-Vulnerability.md
@@ -0,0 +1,26 @@ | ||
# Shim Bootloader RCE Vulnerability - 20240208002 | ||
|
||
## Overview | ||
|
||
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Summary | Severity | CVSS | | ||
| -------------------------------- | --------------------------------------------------------------------- | ------------ | ---- | | ||
| Red Hat Enterprise Linux 7, 8, 9 | [**CVE-2023-40547**](https://nvd.nist.gov/vuln/detail/CVE-2023-40547) | **Critical** | 9.8 | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48hrs...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- [**Shim Github Repository**](https://github.com/rhboot/shim/releases/tag/15.8) | ||
|
||
## Additional References | ||
|
||
- [Dark Reading: Linux Distros Hit by RCE Vulnerability in Shim Bootloader](https://www.darkreading.com/vulnerabilities-threats/rce-vulnerability-in-shim-bootloader-impacts-all-linux-distros) | ||
- [Red Hat Customer Portal](https://access.redhat.com/security/cve/CVE-2023-40547) |
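Review bot: the file is named `20240208001-Linux-Shim-Loader-RCE-Vulnerability.md` but the heading carries ID 20240208002; one of the two is wrong, and the mismatch will break any index keyed on the advisory number. The Summary column holds the CVE link rather than a summary, and the affected product is given as Red Hat Enterprise Linux 7, 8, 9 alone while the Dark Reading reference says the issue affects all Linux distros and the fix link is the upstream shim 15.8 release; state that other distributions shipping shim are affected. The timeframe `*48hrs...*` should use the `*48 Hours*` form used in the other advisories.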