Laravel added to CISA Known Exploited Vulnerability Catalog - 2024011…

…7001

docs/advisories/20240117001-Laravel-added-to-CISA-Known-Exploited-Vulnerability-Catalog.md

@@ -0,0 +1,28 @@
+# Laravel added to CISA Known Exploited Vulnerability Catalog - 20240117001
+
+## Overview
+
+CISA has added Laravel vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. 
+
+## What is the Vulnerability?
+
+[CVE-2018-15133](https://nvd.nist.gov/vuln/detail/CVE-2018-15133) - This vulnerability may allow remote code execution as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value.
+
+## What is vulnerable?
+
+| Product(s) Affected | Summary | Severity | CVSS
+| --- | --- |--- | --- |
+|  Laravel Framework ***versions through: 5.5.40 and 5.6.x - 5.6.29***  | On Laravel versions with this vulnerability, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. | **High** | 8.1 |
+
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [Upgrade Guide - Laravel 5.6.30 - The PHP Framework For Web Artisans](https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30)
+
+
+## Additional References
+
+- [CISA Adds One Known Exploited Vulnerability to Catalog | CISA](https://www.cisa.gov/news-events/alerts/2024/01/16/cisa-adds-one-known-exploited-vulnerability-catalog)
+- [CVE-2018-15133 : In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unseri (cvedetails.com)](https://www.cvedetails.com/cve/CVE-2018-15133/)