20241029001-Progress-WhatsUp-Critical-Update (#1069)

* 20241021003-CISA-NEW-ICS-Advisories

* Format markdown docs

* Update 20241021003

Included CISA references

* Format markdown docs

* 20241029001-Progress-WhatsUp-Critical-Update

* Format markdown docs

* Update 20241029001

Changed recommendation from "one month" to "48 hours" to align with E8 compliance.

* Format markdown docs

---------

Co-authored-by: TWangmo <[email protected]>
Co-authored-by: JadonWill <[email protected]>
Co-authored-by: JadonWill <[email protected]>

Author: TWangmo

docs/advisories/20241029001-Progress-WhatsUp-Critical-Update.md

@@ -0,0 +1,25 @@
+# Progress WhatsUp Critical Update - 20241029001
+
+## Overview
+
+The WA SOC has been made aware about a critical vulnerability in certain WhatsUp Gold versions, having an Authentication Bypass issue which allows an attacker to obtain encrypted user credentials.
+
+## What is vulnerable?
+
+| Product(s) Affected | Version(s)                   | CVE                                                             | CVSS | Severity     |
+| ------------------- | ---------------------------- | --------------------------------------------------------------- | ---- | ------------ |
+| WhatsUp Gold        | All versions before 2024.0.0 | [CVE-2024-7763](https://nvd.nist.gov/vuln/detail/CVE-2024-7763) | 9.8  | **Critical** |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- Progress: <https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024>
+
+## Additional References
+
+- SecurityOnlie: <https://securityonline.info/whatsup-gold-users-beware-critical-authentication-bypass-flaw-exposed-cve-2024-7763-cvss-9-8/>