From b0d0f1ec682d2ad943a2d0767dbf281c8f113641 Mon Sep 17 00:00:00 2001 From: Thiago C <119277395+thiagoai1@users.noreply.github.com> Date: Wed, 13 Mar 2024 16:16:38 +0800 Subject: [PATCH 01/16] Microsoft Releases Security Updates for Multiple Products - 20240313001 --- ...001-Microsoft-Releases-Multiple-Updates.md | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 docs/advisories/20240313001-Microsoft-Releases-Multiple-Updates.md diff --git a/docs/advisories/20240313001-Microsoft-Releases-Multiple-Updates.md b/docs/advisories/20240313001-Microsoft-Releases-Multiple-Updates.md new file mode 100644 index 000000000..250103654 --- /dev/null +++ b/docs/advisories/20240313001-Microsoft-Releases-Multiple-Updates.md @@ -0,0 +1,22 @@ +# Microsoft Releases Security Updates for Multiple Products - 20240313001 + +## Overview + +Microsoft has released security updates to address vulnerabilities in multiple products.A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. + +## What is vulnerable? + +This release consists of the following 61 Microsoft CVEs: + +* [March 2024 Security Updates](https://msrc.microsoft.com/update-guide/releaseNote/2024-Mar) +## What has been observed? + +CISA added this vulnerability in their [Known Exploited Vulnerabilities](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. + +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *two weeks* (refer [Patch Management](../guidelines/patch-management.md)). + +## Additional References + +- [CISA - Microsoft Releases Security Updates for Multiple Products](https://www.cisa.gov/news-events/alerts/2024/03/12/microsoft-releases-security-updates-multiple-products) 
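Review bot: In the "What has been observed?" section of 20240313001-Microsoft-Releases-Multiple-Updates.md (PATCH 01/16), "CISA added this vulnerability in their Known Exploited Vulnerabilities catalog" does not say which vulnerability is meant: the section above covers 61 CVEs through a single release-note link and names none. Name the CVE or CVEs that are in the catalog so readers can prioritise them, or drop the sentence if none applies. In the Overview, "products.A cyber threat actor" is also missing a space after the full stop.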
From 3588991c1eca0c48634ee2cb26f04e3c71971dad Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 13 Mar 2024 08:17:41 +0000 Subject: [PATCH 02/16] Format markdown files --- .../20240313001-Microsoft-Releases-Multiple-Updates.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/advisories/20240313001-Microsoft-Releases-Multiple-Updates.md b/docs/advisories/20240313001-Microsoft-Releases-Multiple-Updates.md index 250103654..488f927d1 100644 --- a/docs/advisories/20240313001-Microsoft-Releases-Multiple-Updates.md +++ b/docs/advisories/20240313001-Microsoft-Releases-Multiple-Updates.md @@ -8,7 +8,8 @@ Microsoft has released security updates to address vulnerabilities in multiple p This release consists of the following 61 Microsoft CVEs: -* [March 2024 Security Updates](https://msrc.microsoft.com/update-guide/releaseNote/2024-Mar) +- [March 2024 Security Updates](https://msrc.microsoft.com/update-guide/releaseNote/2024-Mar) + ## What has been observed? CISA added this vulnerability in their [Known Exploited Vulnerabilities](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. From 6cb516d81f11756314bd157222e823c5a1f14b21 Mon Sep 17 00:00:00 2001 From: Thiago C <119277395+thiagoai1@users.noreply.github.com> Date: Wed, 27 Mar 2024 11:52:12 +0800 Subject: [PATCH 03/16] Apache Tomcat Denial of Service Vulnerabilities --- ...omcat-Denial-of-Service-Vulnerabilities.md | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 docs/advisories/20240327002-Apache-Tomcat-Denial-of-Service-Vulnerabilities.md diff --git a/docs/advisories/20240327002-Apache-Tomcat-Denial-of-Service-Vulnerabilities.md b/docs/advisories/20240327002-Apache-Tomcat-Denial-of-Service-Vulnerabilities.md new file mode 100644 index 000000000..ef7e753d9 --- /dev/null 
+++ b/docs/advisories/20240327002-Apache-Tomcat-Denial-of-Service-Vulnerabilities.md @@ -0,0 +1,34 @@ +# Apache Tomcat Denial of Service Vulnerabilities - 20240327002 + +## Overview + +Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. + +## What is vulnerable? + +| CVE | Severity | CVSS | Product(s) Affected | Summary | Dated | +| ------ | ------------ | ---- | ------------------- | ------- | ----- | +| [CVE-2024-23672]() | **Critical** | N/A | **From 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98**| +[CVE-2024-24549]()| **Critical** | N/A | **From 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.**| + + + +## What has been observed? + +There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. + +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)): + +- [CVE-2024-24549 Apache Tomcat - Denial of Service]() +- [CVE-2024-23672 Apache Tomcat - Denial of Service]() + +## Additional References + +- NIST - [CVE-2024-23672 Detail +]() + +- NIST - [CVE-2024-24549 Detail +]() + From a1af55131c95597e78aed28384761f847572f96c Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 27 Mar 2024 03:53:22 +0000 Subject: [PATCH 04/16] Format markdown files --- ...omcat-Denial-of-Service-Vulnerabilities.md | 65 +++++++++---------- 1 file changed, 31 insertions(+), 34 deletions(-) 
diff --git a/docs/advisories/20240327002-Apache-Tomcat-Denial-of-Service-Vulnerabilities.md b/docs/advisories/20240327002-Apache-Tomcat-Denial-of-Service-Vulnerabilities.md index ef7e753d9..b6bd66d7c 100644 --- a/docs/advisories/20240327002-Apache-Tomcat-Denial-of-Service-Vulnerabilities.md +++ b/docs/advisories/20240327002-Apache-Tomcat-Denial-of-Service-Vulnerabilities.md 
@@ -1,34 +1,31 @@ -# Apache Tomcat Denial of Service Vulnerabilities - 20240327002 - -## Overview - -Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. - -## What is vulnerable? - -| CVE | Severity | CVSS | Product(s) Affected | Summary | Dated | -| ------ | ------------ | ---- | ------------------- | ------- | ----- | -| [CVE-2024-23672]() | **Critical** | N/A | **From 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98**| -[CVE-2024-24549]()| **Critical** | N/A | **From 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.**| - - - -## What has been observed? - -There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. - -## Recommendation - -The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)): - -- [CVE-2024-24549 Apache Tomcat - Denial of Service]() -- [CVE-2024-23672 Apache Tomcat - Denial of Service]() - -## Additional References - -- NIST - [CVE-2024-23672 Detail -]() - -- NIST - [CVE-2024-24549 Detail -]() - +# Apache Tomcat Denial of Service Vulnerabilities - 20240327002 + +## Overview + +Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. + +## What is vulnerable? 
+ +| CVE | Severity | CVSS | Product(s) Affected | Summary | Dated | +| ----------------------------------------------------------------- | ------------ | ---- | ------------------------------------------------------------------------------------------------------------------------------- | ------- | ----- | +| [CVE-2024-23672](https://nvd.nist.gov/vuln/detail/CVE-2024-23672) | **Critical** | N/A | **From 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98** | | | +| [CVE-2024-24549](https://nvd.nist.gov/vuln/detail/CVE-2024-24549) | **Critical** | N/A | **From 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.** | | | + +## What has been observed? + +There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. + +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)): + +- [CVE-2024-24549 Apache Tomcat - Denial of Service](https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg) +- [CVE-2024-23672 Apache Tomcat - Denial of Service](https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f) + +## Additional References + +- NIST - [CVE-2024-23672 Detail + ](https://nvd.nist.gov/vuln/detail/CVE-2024-23672) + +- NIST - [CVE-2024-24549 Detail + ](https://nvd.nist.gov/vuln/detail/CVE-2024-24549) From bb73e215408fc2791cbdbc15a4de50ff98fdde84 Mon Sep 17 00:00:00 2001 
From: "Joshua Hitchen (DGov)" <86041569+DGovEnterprise@users.noreply.github.com> Date: Wed, 27 Mar 2024 13:02:28 +0800 Subject: [PATCH 05/16] Update 20240327002-Apache-Tomcat-Denial-of-Service-Vulnerabilities.md Minor grammar and syntax changes --- ...002-Apache-Tomcat-Denial-of-Service-Vulnerabilities.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/advisories/20240327002-Apache-Tomcat-Denial-of-Service-Vulnerabilities.md b/docs/advisories/20240327002-Apache-Tomcat-Denial-of-Service-Vulnerabilities.md index b6bd66d7c..28b8f3ec8 100644 --- a/docs/advisories/20240327002-Apache-Tomcat-Denial-of-Service-Vulnerabilities.md +++ b/docs/advisories/20240327002-Apache-Tomcat-Denial-of-Service-Vulnerabilities.md 
@@ -6,10 +6,10 @@ Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was ## What is vulnerable? -| CVE | Severity | CVSS | Product(s) Affected | Summary | Dated | -| ----------------------------------------------------------------- | ------------ | ---- | ------------------------------------------------------------------------------------------------------------------------------- | ------- | ----- | -| [CVE-2024-23672](https://nvd.nist.gov/vuln/detail/CVE-2024-23672) | **Critical** | N/A | **From 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98** | | | -| [CVE-2024-24549](https://nvd.nist.gov/vuln/detail/CVE-2024-24549) | **Critical** | N/A | **From 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.** | | | +| CVE | Severity | CVSS | Product(s) Affected | +| ----------------------------------------------------------------- | ------------ | ---- | ------------------------------------------------------------------------------------------------------------------------------- | +| [CVE-2024-23672](https://nvd.nist.gov/vuln/detail/CVE-2024-23672) | **Critical** | TBD | **From 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98** | +| [CVE-2024-24549](https://nvd.nist.gov/vuln/detail/CVE-2024-24549) | **Critical** | TBD | **From 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.** | ## What has been observed? From 159e94b403abcee3d079b55dde6ecee557f5ad83 Mon Sep 17 00:00:00 2001 
From: Thiago C <119277395+thiagoai1@users.noreply.github.com> Date: Wed, 3 Apr 2024 10:52:24 +0800 Subject: [PATCH 06/16] Qualcomm Critical Security Vulnerability - 20240403001 --- ...lcomm-Critical-Security-Vulnerabilities.md | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 docs/advisories/20240403001-Qualcomm-Critical-Security-Vulnerabilities.md diff --git a/docs/advisories/20240403001-Qualcomm-Critical-Security-Vulnerabilities.md b/docs/advisories/20240403001-Qualcomm-Critical-Security-Vulnerabilities.md new file mode 100644 index 000000000..fc4841366 --- /dev/null +++ b/docs/advisories/20240403001-Qualcomm-Critical-Security-Vulnerabilities.md @@ -0,0 +1,23 @@ +# Qualcomm Critical Security Vulnerability - 20240403001 + +## Overview + +Qualcomm detected a memory corruption vulnerability while redirecting a log file to any file location with any file name + +## What is vulnerable? + +| CVE | Severity | CVSS | Product(s) Affected | +| ----------------------------------------------------------------- | ------------ | ---- | ------------------------------------- | +| [CVE-2024-21473](https://nvd.nist.gov/vuln/detail/CVE-2024-21473) | **Critical** | 9.8 | [Affected Chipsets](https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html) | + +## What has been observed? + +There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. + +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions or discontinue use of the product if mitigations are unavailable. (refer [Patch Management](../guidelines/patch-management.md)): + +- [Qualcomm - April 2024 Security Bulletin +](https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html) +- [NIST -CVE-2024-21473 ](https://nvd.nist.gov/vuln/detail/CVE-2024-21473) From 39b7acebea6426300a3232d15b43aa0cb545ee1d Mon Sep 17 00:00:00 2001 
From: GitHub Actions Date: Wed, 3 Apr 2024 02:53:42 +0000 Subject: [PATCH 07/16] Format markdown files --- ...0240403001-Qualcomm-Critical-Security-Vulnerabilities.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/advisories/20240403001-Qualcomm-Critical-Security-Vulnerabilities.md b/docs/advisories/20240403001-Qualcomm-Critical-Security-Vulnerabilities.md index fc4841366..c12d61332 100644 --- a/docs/advisories/20240403001-Qualcomm-Critical-Security-Vulnerabilities.md +++ b/docs/advisories/20240403001-Qualcomm-Critical-Security-Vulnerabilities.md @@ -6,8 +6,8 @@ Qualcomm detected a memory corruption vulnerability while redirecting a log file ## What is vulnerable? -| CVE | Severity | CVSS | Product(s) Affected | -| ----------------------------------------------------------------- | ------------ | ---- | ------------------------------------- | +| CVE | Severity | CVSS | Product(s) Affected | +| ----------------------------------------------------------------- | ------------ | ---- | ---------------------------------------------------------------------------------------------------------------- | | [CVE-2024-21473](https://nvd.nist.gov/vuln/detail/CVE-2024-21473) | **Critical** | 9.8 | [Affected Chipsets](https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html) | ## What has been observed? @@ -19,5 +19,5 @@ There is no evidence of exploitation affecting Western Australian Government net The WA SOC recommends administrators apply the solutions as per vendor instructions or discontinue use of the product if mitigations are unavailable. (refer [Patch Management](../guidelines/patch-management.md)): - [Qualcomm - April 2024 Security Bulletin -](https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html) + ](https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html) - [NIST -CVE-2024-21473 ](https://nvd.nist.gov/vuln/detail/CVE-2024-21473) 
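Review bot: In the "What is vulnerable?" table of 20240327002-Apache-Tomcat-Denial-of-Service-Vulnerabilities.md (PATCH 05/16, hunk @@ -6,10 +6,10), both rows stay rated **Critical** while the CVSS column only changes from N/A to TBD, so the advisory states a severity with no score and no cited source for it. Reference where the rating comes from, or mark the severity as pending until a score is published. The second row also still ends "8.5.98.**" with a full stop that the first row does not have, and the Overview added in PATCH 03/16 describes only the WebSocket connection issue although two CVEs are listed.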
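Review bot: The Recommendation in 20240403001-Qualcomm-Critical-Security-Vulnerabilities.md (PATCH 06/16) gives no patching timeframe, unlike the other advisories in this series, which state "within expected timeframe of" two weeks or one month; for a CVE the table lists as Critical with CVSS 9.8, state the expected timeframe. The sentence ends "unavailable. (refer Patch Management):" and then lists the NIST entry alongside the vendor bulletin; the NIST link is a reference rather than a vendor solution and belongs under an "Additional References" heading as in the other files. The heading says "Vulnerability" while the file name says "Vulnerabilities", and the Overview sentence has no closing full stop.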
From 01fd435512837fa0935a254cb3b82568e301a1cb Mon Sep 17 00:00:00 2001 From: Thiago C <119277395+thiagoai1@users.noreply.github.com> Date: Wed, 10 Apr 2024 11:47:09 +0800 Subject: [PATCH 08/16] Microsoft Releases April Security Updates --- ...3-Microsoft-Security-Updates-April-2024.md | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 docs/advisories/20240410003-Microsoft-Security-Updates-April-2024.md diff --git a/docs/advisories/20240410003-Microsoft-Security-Updates-April-2024.md b/docs/advisories/20240410003-Microsoft-Security-Updates-April-2024.md new file mode 100644 index 000000000..18f22d8a6 --- /dev/null +++ b/docs/advisories/20240410003-Microsoft-Security-Updates-April-2024.md @@ -0,0 +1,24 @@ +# Microsoft Releases April Security Updates - 20240410003 + +## Overview + +Microsoft has released security updates to address vulnerabilities in multiple products.A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. + +## What is vulnerable? + +This release consists of the following 149 Microsoft CVEs: + +- [April 2024 Security Updates](https://msrc.microsoft.com/update-guide/releaseNote/2024-Apr) + +## What has been observed? + + There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. + +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *two weeks* (refer [Patch Management](../guidelines/patch-management.md)). + +## Additional References + +- [CISA -Microsoft Releases April 2024 Security Updates  +](https://www.cisa.gov/news-events/alerts/2024/04/09/microsoft-releases-april-2024-security-updates) From 96761190e3e07800b81a131f0d206693b0fa4314 Mon Sep 17 00:00:00 2001 
From: GitHub Actions Date: Wed, 10 Apr 2024 03:48:29 +0000 Subject: [PATCH 09/16] Format markdown files --- .../20240410003-Microsoft-Security-Updates-April-2024.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/advisories/20240410003-Microsoft-Security-Updates-April-2024.md b/docs/advisories/20240410003-Microsoft-Security-Updates-April-2024.md index 18f22d8a6..f0d7552c3 100644 --- a/docs/advisories/20240410003-Microsoft-Security-Updates-April-2024.md +++ b/docs/advisories/20240410003-Microsoft-Security-Updates-April-2024.md @@ -12,7 +12,7 @@ This release consists of the following 149 Microsoft CVEs: ## What has been observed? - There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. +There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. ## Recommendation @@ -20,5 +20,5 @@ The WA SOC recommends administrators apply the solutions as per vendor instructi ## Additional References -- [CISA -Microsoft Releases April 2024 Security Updates  -](https://www.cisa.gov/news-events/alerts/2024/04/09/microsoft-releases-april-2024-security-updates) +- [CISA -Microsoft Releases April 2024 Security Updates + ](https://www.cisa.gov/news-events/alerts/2024/04/09/microsoft-releases-april-2024-security-updates) From 96f64e73af773802dd19e433459a0f6752e4079e Mon Sep 17 00:00:00 2001 From: Thiago C <119277395+thiagoai1@users.noreply.github.com> Date: Wed, 10 Apr 2024 11:52:13 +0800 Subject: [PATCH 10/16] April 2024 Security Updates --- .../20240410003-Microsoft-Security-Updates-April-2024.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/advisories/20240410003-Microsoft-Security-Updates-April-2024.md b/docs/advisories/20240410003-Microsoft-Security-Updates-April-2024.md index f0d7552c3..21cd7aab1 100644 --- a/docs/advisories/20240410003-Microsoft-Security-Updates-April-2024.md 
+++ b/docs/advisories/20240410003-Microsoft-Security-Updates-April-2024.md @@ -21,4 +21,4 @@ The WA SOC recommends administrators apply the solutions as per vendor instructi ## Additional References - [CISA -Microsoft Releases April 2024 Security Updates - ](https://www.cisa.gov/news-events/alerts/2024/04/09/microsoft-releases-april-2024-security-updates) + ](https://www.cisa.gov/news-events/alerts/2024/04/09/microsoft-releases-april-2024-security-updates) \ No newline at end of file From d3bb5b3f972730360229767bef36951da681eca8 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 10 Apr 2024 03:53:29 +0000 Subject: [PATCH 11/16] Format markdown files --- .../20240410003-Microsoft-Security-Updates-April-2024.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/advisories/20240410003-Microsoft-Security-Updates-April-2024.md b/docs/advisories/20240410003-Microsoft-Security-Updates-April-2024.md index 21cd7aab1..f0d7552c3 100644 --- a/docs/advisories/20240410003-Microsoft-Security-Updates-April-2024.md +++ b/docs/advisories/20240410003-Microsoft-Security-Updates-April-2024.md @@ -21,4 +21,4 @@ The WA SOC recommends administrators apply the solutions as per vendor instructi ## Additional References - [CISA -Microsoft Releases April 2024 Security Updates - ](https://www.cisa.gov/news-events/alerts/2024/04/09/microsoft-releases-april-2024-security-updates) \ No newline at end of file + ](https://www.cisa.gov/news-events/alerts/2024/04/09/microsoft-releases-april-2024-security-updates) From 01d5d41d5110516c7b37dc9b51a5cb5786f880b3 Mon Sep 17 00:00:00 2001 
From: "Joshua Hitchen (DGov)" <86041569+DGovEnterprise@users.noreply.github.com> Date: Wed, 10 Apr 2024 13:39:08 +0800 Subject: [PATCH 12/16] Delete docs/advisories/20240403001-Qualcomm-Critical-Security-Vulnerabilities.md Not needed --- ...lcomm-Critical-Security-Vulnerabilities.md | 23 ------------------- 1 file changed, 23 deletions(-) delete mode 100644 docs/advisories/20240403001-Qualcomm-Critical-Security-Vulnerabilities.md diff --git a/docs/advisories/20240403001-Qualcomm-Critical-Security-Vulnerabilities.md b/docs/advisories/20240403001-Qualcomm-Critical-Security-Vulnerabilities.md deleted file mode 100644 index c12d61332..000000000 --- a/docs/advisories/20240403001-Qualcomm-Critical-Security-Vulnerabilities.md +++ /dev/null 
@@ -1,23 +0,0 @@ -# Qualcomm Critical Security Vulnerability - 20240403001 - -## Overview - -Qualcomm detected a memory corruption vulnerability while redirecting a log file to any file location with any file name - -## What is vulnerable? - -| CVE | Severity | CVSS | Product(s) Affected | -| ----------------------------------------------------------------- | ------------ | ---- | ---------------------------------------------------------------------------------------------------------------- | -| [CVE-2024-21473](https://nvd.nist.gov/vuln/detail/CVE-2024-21473) | **Critical** | 9.8 | [Affected Chipsets](https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html) | - -## What has been observed? - -There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. - -## Recommendation - -The WA SOC recommends administrators apply the solutions as per vendor instructions or discontinue use of the product if mitigations are unavailable. (refer [Patch Management](../guidelines/patch-management.md)): - -- [Qualcomm - April 2024 Security Bulletin - ](https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html) -- [NIST -CVE-2024-21473 ](https://nvd.nist.gov/vuln/detail/CVE-2024-21473) From 8cd27b40ec5cbd51966a55503b69a59ee85901d1 Mon Sep 17 00:00:00 2001 From: Thiago C <119277395+thiagoai1@users.noreply.github.com> Date: Wed, 17 Apr 2024 11:43:23 +0800 Subject: [PATCH 13/16] Mozilla vulns --- ...Mozilla-Multiple-Products-Vulnerability.md | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 docs/advisories/20240417001-Mozilla-Multiple-Products-Vulnerability.md diff --git a/docs/advisories/20240417001-Mozilla-Multiple-Products-Vulnerability.md b/docs/advisories/20240417001-Mozilla-Multiple-Products-Vulnerability.md new file mode 100644 index 000000000..8e75e9e16 --- /dev/null 
+++ b/docs/advisories/20240417001-Mozilla-Multiple-Products-Vulnerability.md @@ -0,0 +1,22 @@ +# Multiple Vulnerabilities in Mozilla Products - 20240417001 + +## Overview + +Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. + + +## What is vulnerable? + +The vulnerabilities affect products prior to the following versions: + +- [Firefox ESR versions prior to 115.10](https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/) +- [Thunderbird versions prior to 115.10](https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/) +- [Firefox versions prior to 125](https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3864) + +## What has been observed? + +There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. + +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)) From 294a65249321a2124514d81211a1f8ffb47c6604 Mon Sep 17 00:00:00 2001 From: thiagoai1 Date: Wed, 17 Apr 2024 03:44:06 +0000 Subject: [PATCH 14/16] Format markdown docs --- .../20240417001-Mozilla-Multiple-Products-Vulnerability.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/advisories/20240417001-Mozilla-Multiple-Products-Vulnerability.md b/docs/advisories/20240417001-Mozilla-Multiple-Products-Vulnerability.md index 8e75e9e16..577c8e61d 100644 --- a/docs/advisories/20240417001-Mozilla-Multiple-Products-Vulnerability.md +++ b/docs/advisories/20240417001-Mozilla-Multiple-Products-Vulnerability.md @@ -4,7 +4,6 @@ Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. - ## What is vulnerable? The vulnerabilities affect products prior to the following versions: 
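Review bot: The Overview added in 20240410003-Microsoft-Security-Updates-April-2024.md (PATCH 08/16) repeats "products.A cyber threat actor" from the March advisory with the space after the full stop still missing. Under Additional References, the link text "CISA -Microsoft Releases April 2024 Security Updates" is broken across two lines before "](" and lacks a space after the hyphen; keep the link on one line so the result does not depend on the formatter commits that follow (PATCH 09/16 to 11/16 only move that line's indentation and trailing newline back and forth).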
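Review bot: PATCH 12/16 deletes 20240403001-Qualcomm-Critical-Security-Vulnerabilities.md, an advisory that listed CVE-2024-21473 as Critical with CVSS 9.8, and the only rationale recorded is "Not needed". Record why the advisory is withdrawn (for example superseded or out of scope), and confirm that nothing else under docs/ links to the removed file, so readers who saw it published are not left with a dead link and no explanation.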
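Review bot: In the "What is vulnerable?" list of 20240417001-Mozilla-Multiple-Products-Vulnerability.md (PATCH 13/16), all three bullets link to the same page, mfsa2024-19, and the Firefox bullet deep-links to a single CVE anchor (#CVE-2024-3864) rather than to an advisory for that product. Check that each product points at its own Mozilla advisory. Unlike the other advisories in this series, no CVE identifiers or severity are given to support "arbitrary code execution", and the Recommendation ends without a full stop and keeps the unfinished-looking "*one month...*".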
From d8a85d8bfe0eefadb604052ae7ab3f519067c6ae Mon Sep 17 00:00:00 2001 From: Thiago C <119277395+thiagoai1@users.noreply.github.com> Date: Wed, 24 Apr 2024 11:53:07 +0800 Subject: [PATCH 15/16] MS Exchange --- ...ver-Remote-Code-Execution-Vulnerability.md | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 docs/advisories/20240424001-Microsoft-Exchange-Server-Remote-Code-Execution-Vulnerability.md diff --git a/docs/advisories/20240424001-Microsoft-Exchange-Server-Remote-Code-Execution-Vulnerability.md b/docs/advisories/20240424001-Microsoft-Exchange-Server-Remote-Code-Execution-Vulnerability.md new file mode 100644 index 000000000..36e518b24 --- /dev/null +++ b/docs/advisories/20240424001-Microsoft-Exchange-Server-Remote-Code-Execution-Vulnerability.md 
@@ -0,0 +1,25 @@ +# Microsoft Exchange Server Remote Code Execution Vulnerability - 20240424001 + +## Overview +Microsoft Exchange Server Remote Code Execution Vulnerability + +## What is vulnerable? + +| CVE | Severity | CVSS | Product(s) Affected | Dated | +| ----------------------------------------------------------------- | -------- | ---- | --------------------------------- | --------------------------- | +| [CVE-2024-26198](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26198) | **Important** | 7.7 | See vendor link in Recommendation | 12/03/24 (Updated 23/04/24) | + +## What has been observed? + +There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. + +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)): + +- [Microsoft Exchange Server Remote Code Execution Vulnerability Recently updated](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-26190) + +## Additional References + +- [Tenable - CVE-2024-26198 +](https://www.tenable.com/cve/CVE-2024-26198) From c65c2a79c74f8150b9855ee13f2b608d0458eeeb Mon Sep 17 00:00:00 2001 From: thiagoai1 Date: Wed, 24 Apr 2024 03:53:53 +0000 Subject: [PATCH 16/16] Format markdown docs --- ...-Exchange-Server-Remote-Code-Execution-Vulnerability.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/advisories/20240424001-Microsoft-Exchange-Server-Remote-Code-Execution-Vulnerability.md b/docs/advisories/20240424001-Microsoft-Exchange-Server-Remote-Code-Execution-Vulnerability.md index 36e518b24..1f72406a7 100644 --- a/docs/advisories/20240424001-Microsoft-Exchange-Server-Remote-Code-Execution-Vulnerability.md +++ b/docs/advisories/20240424001-Microsoft-Exchange-Server-Remote-Code-Execution-Vulnerability.md 
@@ -1,12 +1,13 @@ # Microsoft Exchange Server Remote Code Execution Vulnerability - 20240424001 ## Overview + Microsoft Exchange Server Remote Code Execution Vulnerability ## What is vulnerable? -| CVE | Severity | CVSS | Product(s) Affected | Dated | -| ----------------------------------------------------------------- | -------- | ---- | --------------------------------- | --------------------------- | +| CVE | Severity | CVSS | Product(s) Affected | Dated | +| -------------------------------------------------------------------------------------- | ------------- | ---- | --------------------------------- | --------------------------- | | [CVE-2024-26198](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26198) | **Important** | 7.7 | See vendor link in Recommendation | 12/03/24 (Updated 23/04/24) | ## What has been observed? @@ -22,4 +23,4 @@ The WA SOC recommends administrators apply the solutions as per vendor instructi ## Additional References - [Tenable - CVE-2024-26198 -](https://www.tenable.com/cve/CVE-2024-26198) + ](https://www.tenable.com/cve/CVE-2024-26198)
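Review bot: The Recommendation link in 20240424001-Microsoft-Exchange-Server-Remote-Code-Execution-Vulnerability.md (PATCH 15/16) points to "update-guide/en-US/advisory/CVE-2024-26190", but the table and the Tenable reference are for CVE-2024-26198, and the table tells readers to "See vendor link in Recommendation" for the affected products. Point the link at the CVE-2024-26198 page already used in the table, and drop "Recently updated" from the link text, which reads like residue copied from the vendor page. The Overview only repeats the title; a sentence on impact would match the other advisories.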