From 3e60c0849fa116d4a399976d987cc82614f06bda Mon Sep 17 00:00:00 2001 From: JadonWill <117053393+JadonWill@users.noreply.github.com> Date: Fri, 19 Jan 2024 13:01:01 +0800 Subject: [PATCH] 20240119003 & K.E.V. Template update (#472) * 20240117004 * 20240117006 * 20240119003 plus KEV template update --------- Co-authored-by: Joshua Hitchen (DGov) <86041569+DGovEnterprise@users.noreply.github.com> --- ...19003-Ivanti-Critical-Security-Advisory.md | 30 +++++++++++++++++ .../advisory-KnownExploited.md | 21 +++++------- .../zzOLD-advisory-KnownExploited-OLD.md | 33 +++++++++++++++++++ 3 files changed, 72 insertions(+), 12 deletions(-) create mode 100644 docs/advisories/20240119003-Ivanti-Critical-Security-Advisory.md create mode 100644 docs/markdown-templates/zzOLD-advisory-KnownExploited-OLD.md diff --git a/docs/advisories/20240119003-Ivanti-Critical-Security-Advisory.md b/docs/advisories/20240119003-Ivanti-Critical-Security-Advisory.md new file mode 100644 index 000000000..bd41f83f5 --- /dev/null +++ b/docs/advisories/20240119003-Ivanti-Critical-Security-Advisory.md 
@@ -0,0 +1,30 @@ +# Ivanti EPMM and MobileIron Core added to CISA Known Exploited Catalog - 20240119003 + +## Overview + +Ivanti have released a critical security advisory relating to a vulnerability impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core. The risk of exploitation depends on the individual customer’s configurations. + + +## What is vulnerable? + +| Product(s) Affected | CVE | Severity | CVSS +| --- | --- |--- | --- | +| Ivanti Endpoint Manager Mobile (EPMM) 11.8, 11.9, 11.10 | [CVE-2023-35082](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35082) | **Critical** | 10 | +| MobileIron Core 11.7 and below | [CVE-2023-35082](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35082) | **Critical** | 10 | + + +## What has been observed? + +CISA added this vulnerabilty in their [Known Exploited Vulnerabilties](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. + + +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours...* (refer [Patch Management](../guidelines/patch-management.md)): + +- + + +### Additional Resources + +- CISA "CVE-2023-35082 Detail": \ No newline at end of file diff --git a/docs/markdown-templates/advisory-KnownExploited.md b/docs/markdown-templates/advisory-KnownExploited.md index 586a2dfc5..6c2eb042e 100644 --- a/docs/markdown-templates/advisory-KnownExploited.md +++ b/docs/markdown-templates/advisory-KnownExploited.md 
@@ -2,31 +2,28 @@ ## Overview -The default server implementation of several TIBCO Software Inc.'s products contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. +Ivanti have released a critical security advisory relating to a vulnerability impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core. The risk of exploitation depends on the individual customer’s configurations. -The impact of this vulnerability includes the theoretical possibility that a web server using the provided DefaultWebResourceHandler could expose details of the host system. The disclosed data could include credentials to access other systems. - -## What is the vulnerability? - -[**CVE-XXXX-XXXXX**](https://www.cve.org/CVERecord?id=CVE-XXXX-XXXXX) - CVSS v3 Base Score: ***X.X*** ## What is vulnerable? -The vulnerability exists in the following products: +| Product(s) Affected | CVE | Severity | CVSS +| --- | --- |--- | --- | +| Ivanti Endpoint Manager Mobile (EPMM) 11.8, 11.9, 11.10 | [CVE-2023-35082](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CCVE-2023-35082) | **Critical** | 10 | +| MobileIron Core 11.7 and below | [CVE-2023-35082](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CCVE-2023-35082) | **Critical** | 10 | -- TIBCO JasperReports Library versions **6.3.4 and below** -- TIBCO JasperReports Library versions **6.4.1, 6.4.2, and 6.4.21** -- TIBCO JasperReports Library version **7.1.0** ## What has been observed? -CISA added this vulnerabilty in their [Known Exploited Vulnerabilties](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog on *date...*. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. +CISA added this vulnerabilty in their [Known Exploited Vulnerabilties](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog. 
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. + ## Recommendation The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours...* (refer [Patch Management](../guidelines/patch-management.md)): -- +- + ### Additional Resources diff --git a/docs/markdown-templates/zzOLD-advisory-KnownExploited-OLD.md b/docs/markdown-templates/zzOLD-advisory-KnownExploited-OLD.md new file mode 100644 index 000000000..586a2dfc5 --- /dev/null +++ b/docs/markdown-templates/zzOLD-advisory-KnownExploited-OLD.md 
@@ -0,0 +1,33 @@ +# (Vulnerability) added to CISA Known Exploited Catalog - 2024MMDD### + +## Overview + +The default server implementation of several TIBCO Software Inc.'s products contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. + +The impact of this vulnerability includes the theoretical possibility that a web server using the provided DefaultWebResourceHandler could expose details of the host system. The disclosed data could include credentials to access other systems. + +## What is the vulnerability? + +[**CVE-XXXX-XXXXX**](https://www.cve.org/CVERecord?id=CVE-XXXX-XXXXX) - CVSS v3 Base Score: ***X.X*** + +## What is vulnerable? + +The vulnerability exists in the following products: + +- TIBCO JasperReports Library versions **6.3.4 and below** +- TIBCO JasperReports Library versions **6.4.1, 6.4.2, and 6.4.21** +- TIBCO JasperReports Library version **7.1.0** + +## What has been observed? + +CISA added this vulnerabilty in their [Known Exploited Vulnerabilties](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog on *date...*. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. + +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours...* (refer [Patch Management](../guidelines/patch-management.md)): + +- + +### Additional Resources + +- \ No newline at end of file
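Review bot: In the new docs/advisories/20240119003-Ivanti-Critical-Security-Advisory.md, the Recommendation list item is a bare `-` and the Additional Resources entry `CISA "CVE-2023-35082 Detail":` ends without a target in the lines shown, so the advisory tells administrators to apply vendor solutions within 48 hours but gives them no link to those solutions. Add the vendor advisory link to the bullet and the reference URL to the resources entry, drop the leftover template ellipsis from `*48 Hours...*`, and close the table header row `| Product(s) Affected | CVE | Severity | CVSS` with a trailing `|`. The spellings `vulnerabilty` and `Vulnerabilties` in the "What has been observed?" paragraph should be corrected as well.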
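Review bot: In docs/markdown-templates/advisory-KnownExploited.md the template's Overview and table are replaced with Ivanti-specific text (EPMM and MobileIron Core product rows, CVE-2023-35082, CVSS 10) instead of placeholders, so the next advisory copied from this template starts out carrying another product's details. Placeholders in the style of the removed `CVE-XXXX-XXXXX` and `X.X` would be safer. Both table links also read `name=CCVE-2023-35082` with a doubled C, which differs from the `name=CVE-2023-35082` used in the advisory file added by this same patch. The `on *date...*` placeholder for the KEV listing date is removed too; consider keeping it so authors are prompted to record the date.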
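Review bot: docs/markdown-templates/zzOLD-advisory-KnownExploited-OLD.md is created with blob 586a2dfc5, the same blob the template had before this patch (`index 586a2dfc5..6c2eb042e`), so it is an exact copy of content that version control already keeps. Consider dropping the file and relying on history. If it stays under docs/, note that it carries the `vulnerabilty` / `Vulnerabilties` typos and ends without a trailing newline.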