Trend Micro Cloud Edge Advisory (#1054)

* Cisco Affected by OpenSSH Vulnerability

* Format markdown docs

* Update 20240709001-Cisco-Affected-by-OpenSSH-Vulnerability.md

Update with link to previous mentioned CVE advisory

* Oracle Critical Patch Update

* Format markdown docs

* Update 20240719001

* Format markdown docs

* Okta Releases Browser Plugin Advisory

* Format markdown docs

* Update 20240723002

* Advisory_20240801002

* Format markdown docs

* Update 20240801002

Applied "advisory-CISA-ICS-Advisories" template

* Format markdown docs

* Update 20240801002_02

Hyperlink fix

* Format markdown docs

* Advisory-20240823001

* Format markdown docs

* CISA Joint Advisory

* Format markdown docs

* Zabbix Server Advisory

* Format markdown docs

* Veeam Releases Critical Updates

* Format markdown docs

* Veeam Releases Critical Updates 002

* Veeam Releases Critical Updates - 20240909002

* Format markdown docs

* PR provided and changed to read 001

* Deleted

* Deleted

* GeoServer Critical Vulnerability

* Format markdown docs

* Update 20240924002

Reformatted affected version list to correct format.
Added applicable GeoTools information and CVE.
Added GeoServer advisory hyperlink.

* Format markdown docs

* Update 20240924002

Removed all auto-generated '\' from table text

* Format markdown docs

* Update 20240924002

Removed all auto-generated '\' from table text

* Format markdown docs

* WhatsUp Gold Security Bulletin

* Format markdown docs

* Update 20240930002

* Format markdown docs

* Siemens Security Advisory

* Format markdown docs

* Update 20241009004

Renamed file.
Included Siemens in the title.
Updated table to ICS-related template.

* Format markdown docs

* Trend Micro Cloud Edge Advisory

* Format markdown docs

* Update 20241021001

Removed unnecessary table centered formatting.
Included affected version build numbers.

* Format markdown docs

* Update 20241021001-Trend-Releases-Critical-Update.md

Removed all auto-generated '\' from table text

---------

Co-authored-by: CharlesRN <[email protected]>
Co-authored-by: Joshua Hitchen (DGov) <[email protected]>
Co-authored-by: JadonWill <[email protected]>
Co-authored-by: JadonWill <[email protected]>

Author: 3 people

docs/advisories/20241021001-Trend-Releases-Critical-Update.md

@@ -0,0 +1,25 @@
+# Trend Releases Critical Update - 20241021001
+
+## Overview
+
+Trend Micro has released updates to address a critical command injection vulnerability in the Cloud Edge appliance. This vulnerability could allow a threat actor to execute Remote Code on affected devices without authentication.
+
+## What is vulnerable?
+
+| Product(s) Affected | Version(s)                                      | CVE #                                                             | CVSS v4/v3 | Severity |
+| ------------------- | ----------------------------------------------- | ----------------------------------------------------------------- | ---------- | -------- |
+| Cloud Edge          | - 5.6SP2 < build 3228 <br> - 7.0 < build 1081 | [CVE-2024-48904](https://nvd.nist.gov/vuln/detail/CVE-2024-48904) | 9.8        | Critical |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- Trend Micro: <https://success.trendmicro.com/en-US/solution/KA-0017998>
+
+## Additional References
+
+- Cybersecurity News: <https://securityonline.info/cve-2024-48904-cvss-9-8-critical-command-injection-vulnerability-in-trend-micro-cloud-edge/>