20241025001 (#1065)

* SQL-based Critical Vulnerabilities - 20240926001

* Format markdown docs

* Update 20240926001

Included references to "PostgreSQL".
Updated Recommendation with template text.
Removed duplicate NIST hyperlinks.
Added SecurityOnline 3rd party reference.

* Format markdown docs

* Update 20240926001

Removed all auto-generated '\' from table text

* Format markdown docs

* CISA Releases New ICS Advisories - 20241002001

* Format markdown docs

* Update 20241002001

Removed line break from table.
Inserted CISA advisory link in Recommendation.

* Palo Alto Critical Vulnerabilities - 20241010003

* Format markdown docs

* Update 20241010003

Changed table to template format.
Changed CVSS severity from high to critical.
Corrected reference hyperlink to correct syntax.

* Format markdown docs

* 20241025001

* Update 20241025001

Updated table contents.
Updated reference list and hyperlink syntax.

* Rename 20241025001

---------

Co-authored-by: thiagoai1 <[email protected]>
Co-authored-by: JadonWill <[email protected]>
Co-authored-by: JadonWill <[email protected]>

Author: thiagoai1

docs/advisories/20241025001-Cisco-Critical-Vulnerabilities.md

@@ -0,0 +1,29 @@
+# Cisco Addresses Critical Vulnerabilities - 20241025001
+
+## Overview
+
+The WA SOC has been made aware to critical vulnerabilities affecting Cisco systems that could enable an authenticated remote attacker to execute operating system commands with root privileges.
+
+## What is vulnerable?
+
+| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
+| ------------------- | ---------- | --- | ---- | -------- |
+| Cisco Secure Firewall Management Center (FMC) | all versions <= 7.4.2 | [CVE-2024-20424](https://nvd.nist.gov/vuln/detail/CVE-2024-20424) | 9.9 | **Critical** |
+| Cisco Adaptive Security Appliance (ASA) | all versions <= 9.18.3.56 | [CVE-2024-20329](https://nvd.nist.gov/vuln/detail/CVE-2024-20329) | 9.9 | **Critical** | 
+| Cisco Firepower Threat Defense (FTD) | all versions <= 7.4.1.1 | [CVE-2024-20412](https://nvd.nist.gov/vuln/detail/CVE-2024-20412) | 9.3 | **Critical** |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- Cisco advisory CVE-2024-20424: <https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-rce-gRAuPEUF>
+- Cisco advisory CVE-2024-20329: <https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7>
+- Cisco advisory CVE-2024-20412: <https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5>
+
+## Additional References
+
+- Security Affairs article: <https://securityaffairs.com/170203/breaking-news/cisco-fixed-tens-of-vulnerabilities-including-actively-exploited-one.html>