From 456399b80ac869ae6b6b056a448da32a1b868ea4 Mon Sep 17 00:00:00 2001 From: carel-v98 <109933205+carel-v98@users.noreply.github.com> Date: Wed, 24 Jul 2024 15:08:26 +0800 Subject: [PATCH] CISA Updates Known Exploited Catalog - 20240724001 (#895) * CISA Updates Known Exploited Catalog - 20240724001 * Format markdown docs * Update 20240724001 Added Microsoft Advisory URL --------- Co-authored-by: carel-v98 Co-authored-by: JadonWill <117053393+JadonWill@users.noreply.github.com> --- ...01-CISA-Updates-Known-Exploites-Catalog.md | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 docs/advisories/20240724001-CISA-Updates-Known-Exploites-Catalog.md diff --git a/docs/advisories/20240724001-CISA-Updates-Known-Exploites-Catalog.md b/docs/advisories/20240724001-CISA-Updates-Known-Exploites-Catalog.md new file mode 100644 index 00000000..ccd44e35 --- /dev/null +++ b/docs/advisories/20240724001-CISA-Updates-Known-Exploites-Catalog.md 
@@ -0,0 +1,23 @@ +# CISA Updates Known Exploited Catalog - 20240724001 + +## Overview + +CISA has added two new vulnerabilities to itsĀ [Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog), based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. + +## What is vulnerable? + +| Product(s) Affected | Version(s) | CVE # | CVSS v4/v3 | Severity | +| --------------------------- | --------------------------- | ------------------------------------------------- | ---------- | -------- | +| Microsoft Internet Explorer | versions IE6 through to IE8 | | 9.3 | High | +| Twilio products | all versions before 25.1.0 | | 5.3 | Medium | + +## What has been observed? + +There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. + +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hrs...* (refer [Patch Management](../guidelines/patch-management.md)): + +- Microsoft Advisory: +- Twilio Advisory:
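Review bot: In the "What is vulnerable?" table the CVE # cell is empty in both rows, and the two Recommendation bullets ("Microsoft Advisory:", "Twilio Advisory:") end without a URL, so a reader cannot tell which catalog entries or vendor fixes this advisory refers to. Please fill in the CVE identifiers and the advisory links before merge. In the same table, 9.3 is rated "High" under a "CVSS v4/v3" heading, but both of those scales rate 9.0 to 10.0 as Critical. Confirm which CVSS version the score comes from and correct the heading or the severity to match. The new file name spells "Exploites" where the title says "Exploited", and the Overview line has a stray "Ā" between "its" and the link, which looks like a mis-encoded non-breaking space.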