Paessler patches PRTG zero-day vulnerability - 20240117005 (#468)

* Updates to multiple advisories

* Updated link

* Laravel added to CISA Known Exploited Vulnerability Catalog - 20240117001

* Paessler patches PRTG zero-day vulnerability - 20240117005

docs/advisories/20240117005-Paessler-patches-PRTG-zero-day-vulnerability.md

@@ -0,0 +1,26 @@
+# Paessler patches PRTG zero-day vulnerability - 20240117005
+
+## Overview
+
+Paessler has released updates to address a zero-day vulnerability in PRTG Network Monitor which could allow remote threat actors to bypass authentication on affected versions.
+
+## What is the Vulnerability?
+
+[CVE-2023-51630](https://nvd.nist.gov/vuln/detail/CVE-2023-51630) - This vulnerability allows remote attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
+
+## What is Vulnerable?
+
+| Product(s) Affected | Summary | Severity | CVSS
+| --- | --- |--- | --- |
+| All versions of PRTG Network Monitor ***including 23.4.90.1299 and prior*** | The specific flaw exists within the web console. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. | **TBA** | 8.8 |
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- It is highly recommended to update PRTG Network Monitor to ***version 24.1.90.1306 or later*** - [PRTG Network Monitor - Release Notes (paessler.com)](https://www.paessler.com/prtg/history/stable)
+
+
+## Additional References
+
+- [Paessler Security Advisory - ZDI-24-073 | Zero Day Initiative](https://www.zerodayinitiative.com/advisories/ZDI-24-073/)