20240710005 - Citrix Updates + Template table update (#855)

docs/advisories/20240710005-Citrix-Updates-Multiple-Products.md

@@ -0,0 +1,28 @@
+# Citrix Updates Multiple Products - 20240710005
+
+## Overview
+
+Citrix has released security updates to address vulnerabilities in multiple products. Please see the below list of affected products, as well as the vendor published advisory including affected versions and recommendations.
+
+## What is vulnerable?
+
+| Product(s) Affected | Version(s) | CVE # | CVSS v4/v3 | Severity |
+| --- | --- | --- | --- | --- |
+| NetScaler ADC and NetScaler Gateway | [Vendor noted versions](https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492) | [CVE-2024-5491](https://nvd.nist.gov/vuln/detail/CVE-2024-5491) </br> [CVE-2024-5492](https://nvd.nist.gov/vuln/detail/CVE-2024-5492) | 7.1 </br> 5.1 | High </br> Medium |
+| NetScaler Console, Agent and SVM | [Vendor noted versions](https://support.citrix.com/article/CTX677998/netscaler-console-agent-and-svm-security-bulletin-for-cve20246235-and-cve20246236) | [CVE-2024-6235](https://nvd.nist.gov/vuln/detail/CVE-2024-6235) </br> [CVE-2024-6236](https://nvd.nist.gov/vuln/detail/CVE-2024-6236) | **9.4** </br> 7.1 | **Critical** </br> High |
+| Citrix Workspace app for HTML5 | [Vendor noted versions](https://support.citrix.com/article/CTX678037/citrix-workspace-app-for-html5-security-bulletin-cve20246148-and-cve20246149) | [CVE-2024-6148](https://nvd.nist.gov/vuln/detail/CVE-2024-6148) </br> [CVE-2024-6149](https://nvd.nist.gov/vuln/detail/CVE-2024-6149) | 5.3 </br> 4.8 | Medium </br> Medium |
+| Citrix Provisioning | [Vendor noted versions](https://support.citrix.com/article/CTX678025/citrix-provisioning-security-bulletin-cve20246150 "https://support.citrix.com/article/CTX678025/citrix-provisioning-security-bulletin-cve20246150") | [CVE-2024-6150](https://nvd.nist.gov/vuln/detail/CVE-2024-6150) | 4.8 | Medium |
+| Windows Virtual Delivery Agent for CVAD and Citrix DaaS | [Vendor noted versions](https://support.citrix.com/article/CTX678035/windows-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve20246151 "https://support.citrix.com/article/CTX678035/windows-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve20246151") | [CVE-2024-6151](https://nvd.nist.gov/vuln/detail/CVE-2024-6151) | 8.5 | High |
+| Citrix Workspace app for Windows | [Vendor noted versions](https://support.citrix.com/article/CTX678036/citrix-workspace-app-for-windows-security-bulletin-cve20246286) | [CVE-2024-6286](https://nvd.nist.gov/vuln/detail/CVE-2024-6286) | 8.5 | High |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+## Additional References
+
+- CISA Advisory: <https://www.cisa.gov/news-events/alerts/2024/07/09/citrix-releases-security-updates-multiple-products>

docs/markdown-templates/Advisory-vulnerability.md

@@ -8,10 +8,10 @@ Describe the threat to organisation's application/ environment/ security/ operat
 
 ## What is vulnerable?
 
-| Products Affected | CVE                                                                                                                                       | CVSS          | Severity                                                         |
-| ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ---------------------------------------------------------------- |
-| Product Name 1    | [CVE-xxxx-xxxxx](https://nvd.nist.gov/vuln/detail/CVE-xxxx-xxxxx)                                                                         | X.X           | Low/Medium/High/**Critical**                                     |
-| Product Name 2    | [CVE-xxxx-xxxxx](https://nvd.nist.gov/vuln/detail/CVE-xxxx-xxxxx) </br> [CVE-xxxx-xxxxx](https://nvd.nist.gov/vuln/detail/CVE-xxxx-xxxxx) | X.X </br> X.X | Low/Medium/High/**Critical**  </br> Low/Medium/High/**Critical** |
+| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
+| --- | --- | --- | --- | --- |
+| Product Name 1 | Version | [CVE-xxxx-xxxxx](https://nvd.nist.gov/vuln/detail/CVE-xxxx-xxxxx) | X.X | Low/Medium/High/**Critical** |
+| Product Name 2 | Version | [CVE-xxxx-xxxxx](https://nvd.nist.gov/vuln/detail/CVE-xxxx-xxxxx) </br> [CVE-xxxx-xxxxx](https://nvd.nist.gov/vuln/detail/CVE-xxxx-xxxxx) | X.X </br> X.X | Low/Medium/High/**Critical**  </br> Low/Medium/High/**Critical** |
 
 ## What has been observed?
 

docs/markdown-templates/advisory-KnownExploited.md

@@ -6,9 +6,10 @@
 
 ## What is vulnerable?
 
-| Product(s) Affected    | CVE                                                                             | Severity                         | CVSS |
-| ---------------------- | ------------------------------------------------------------------------------- | -------------------------------- | ---- |
-| Product and version(s) | [CVE-####-#####](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-####-#####) | Low/Medium/**High**/**Critical** | x.x  |
+| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
+| --- | --- | --- | --- | --- |
+| Product Name 1 | Version | [CVE-xxxx-xxxxx](https://nvd.nist.gov/vuln/detail/CVE-xxxx-xxxxx) | X.X | Low/Medium/High/**Critical** |
+| Product Name 2 | Version | [CVE-xxxx-xxxxx](https://nvd.nist.gov/vuln/detail/CVE-xxxx-xxxxx) </br> [CVE-xxxx-xxxxx](https://nvd.nist.gov/vuln/detail/CVE-xxxx-xxxxx) | X.X </br> X.X | Low/Medium/High/**Critical**  </br> Low/Medium/High/**Critical** |
 
 ## What has been observed?