- CISA Alerts on Exploited Vulnerabilities in Palo Alto Software
- New Flaws Added to KEV Catalog, Urging Federal Agencies to Act
- Exploits Can Lead to Data Theft and Unauthorized File Creation
The Cybersecurity and Infrastructure Security Agency (CISA) of the United States has added two more vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signalling that both are being exploited in the wild.
Both flaws sit in Expedition, the firewall configuration migration tool from Palo Alto Networks, which already had one vulnerability listed in the KEV catalog.
The newly listed issues are an unauthenticated OS command injection (CVE-2024-9463) and an SQL injection (CVE-2024-9465). The command injection lets an unauthenticated attacker run arbitrary commands as root on the Expedition host, which in turn exposes Expedition usernames, plaintext passwords, device configurations, and the API keys of the PAN-OS firewalls Expedition manages. The SQL injection lets an unauthenticated attacker read the Expedition database, including password hashes, usernames, device configurations, and firewall API keys, and also create and read arbitrary files on the affected system.
Urgent Patching Required
A fix is available: administrators should upgrade Expedition to version 1.2.96 or later without delay. Where the upgrade cannot be applied immediately, Palo Alto Networks recommends restricting network access to Expedition to authorized users, hosts, or networks only. Because both flaws expose stored credentials, Palo Alto Networks also advises rotating all Expedition usernames, passwords, and API keys after upgrading, along with the credentials and API keys of any firewalls that Expedition has processed.
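As an added example, not code from the article or from Palo Alto Networks: a small POSIX shell script that checks an installed Expedition version string against the fixed release (comparing each dotted component numerically, so that a hypothetical 1.2.100 is not misread as older than 1.2.96) and, for hosts still waiting on the upgrade, prints an nftables ruleset that limits access to a trusted management subnet. The web UI on TCP/443, SSH on TCP/22, the 10.10.0.0/24 management range, and the `-h1`-style version suffix handling are all assumptions made here, not details taken from the page.

```shell
#!/bin/sh
# Added example (not Palo Alto Networks' or BleepingComputer's code).
# Assumptions: Expedition's UI is served on TCP/443, admins reach the host
# over SSH (TCP/22), and 10.10.0.0/24 is the trusted management network.

FIXED_VERSION="1.2.96"   # first release that addresses CVE-2024-9463/9465

# expedition_vulnerable VERSION -> exit 0 if VERSION < FIXED_VERSION, else 1.
# Each dotted component is compared as an integer; non-numeric suffixes
# (e.g. "96-h1", an assumed format) are stripped, missing components count as 0.
expedition_vulnerable() {
    have="$1"
    want="$FIXED_VERSION"
    while [ -n "$have" ] || [ -n "$want" ]; do
        h="${have%%.*}"; w="${want%%.*}"            # leading component
        case "$have" in *.*) have="${have#*.}" ;; *) have="" ;; esac
        case "$want" in *.*) want="${want#*.}" ;; *) want="" ;; esac
        h="${h%%[!0-9]*}"; w="${w%%[!0-9]*}"        # drop anything after the digits
        h="${h:-0}"; w="${w:-0}"
        if [ "$h" -lt "$w" ]; then return 0; fi     # older than the fix: vulnerable
        if [ "$h" -gt "$w" ]; then return 1; fi     # newer: fixed
    done
    return 1                                        # identical to the fixed version
}

# restrict_expedition_access MGMT_CIDR -> print an nftables ruleset that admits
# only MGMT_CIDR to the Expedition UI and SSH and drops all other inbound traffic.
# Apply with: restrict_expedition_access 10.10.0.0/24 | nft -f -
restrict_expedition_access() {
    cat <<EOF
table inet expedition {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ip saddr $1 tcp dport { 22, 443 } accept
    }
}
EOF
}

# Usage: sh expedition_check.sh <installed-version> [mgmt-cidr]
if [ "$#" -gt 0 ]; then
    if expedition_vulnerable "$1"; then
        echo "Expedition $1 is below $FIXED_VERSION: upgrade; until then apply:"
        restrict_expedition_access "${2:-10.10.0.0/24}"
    else
        echo "Expedition $1 is at or above $FIXED_VERSION"
    fi
fi
```

The version check deliberately avoids a plain string comparison, which would sort "1.2.100" before "1.2.96"; the ruleset is intentionally minimal (no ICMP, no outbound restrictions) and is a stop-gap, not a substitute for the upgrade and credential rotation.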
A KEV listing does more than confirm active exploitation: it starts a remediation clock for US federal civilian agencies, which must patch the affected systems or stop using the vulnerable software by the listed due date, typically three weeks after the entry is added.
CISA also recently added CVE-2024-5910 to the KEV catalog. That bug is a missing-authentication flaw in a critical Expedition function that lets an attacker with network access take over the Expedition administrator account.
Expedition is Palo Alto Networks' tool for migrating and tuning security policy on its next-generation firewalls. It converts configurations from other vendors' firewalls and older deployments, cutting down on manual work and configuration errors during the move.
Source: BleepingComputer