Ethical Hacking News
CISA has added two critical security flaws to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities, affecting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN respectively, pose a significant threat to organizations worldwide. Stay informed about the latest cybersecurity threats and learn how to protect your organization from successful exploitation.
Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN are vulnerable to critical security flaws. CVE-2025-0108 allows an unauthenticated attacker to bypass authentication in the PAN-OS management web interface, while CVE-2024-53704 permits a remote attacker to bypass authentication in the SSLVPN authentication mechanism. At least 25 malicious IP addresses are currently exploiting CVE-2025-0108, and the number of attackers has surged tenfold since detection. Organizations are urged to patch these vulnerabilities by March 11, 2025, and Federal Civilian Executive Branch agencies are required to prioritize the patches.
In a timely warning, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical security flaws to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities, CVE-2025-0108 and CVE-2024-53704, affect Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN respectively, and pose a significant threat to the cybersecurity of organizations worldwide.
The first vulnerability, CVE-2025-0108, is an authentication bypass vulnerability in the Palo Alto Networks PAN-OS management web interface. This flaw allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts. According to CISA, this vulnerability can be chained with other vulnerabilities such as CVE-2024-9474 to allow unauthorized access to unpatched and unsecured firewalls.
The second vulnerability, CVE-2024-53704, is an improper authentication vulnerability in the SonicWall SonicOS SSLVPN authentication mechanism. This flaw allows a remote attacker to bypass authentication, providing unauthorized access to sensitive information and systems. Threat actors began weaponizing this vulnerability shortly after a proof-of-concept (PoC) was made available by Bishop Fox.
Both vulnerabilities are being actively exploited by malicious actors, and the number of attackers has surged tenfold since detection nearly a week ago. According to GreyNoise, a threat intelligence firm, at least 25 malicious IP addresses are currently exploiting CVE-2025-0108. The top three sources of attack traffic are the United States, Germany, and the Netherlands.
As organizations become aware of these vulnerabilities, they are being urged to take immediate action to remediate them by March 11, 2025. Federal Civilian Executive Branch (FCEB) agencies are required to prioritize patching these vulnerabilities as part of their cybersecurity efforts.
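One way to turn the March 11, 2025 deadline into a worklist, as an added example that is not part of the original article: the Python below matches a constructed asset inventory against KEV-style records for the two CVEs and ranks unpatched devices by the exposure each flaw depends on. The inventory, the `precondition` key, the `sslvpn_enabled` and `mgmt_web_reachable` attributes and the priority labels are assumptions; the due date binds FCEB agencies and is used here as a target for everyone else.

```python
from datetime import date

# Constructed KEV-style records. cveID, product and dueDate are field names
# from CISA's KEV JSON feed; their values come from the article.
# "precondition" is a hypothetical key naming the exposure each flaw needs.
KEV_ENTRIES = [
    {"cveID": "CVE-2025-0108", "product": "PAN-OS", "dueDate": "2025-03-11",
     "precondition": "mgmt_web_reachable"},
    {"cveID": "CVE-2024-53704", "product": "SonicOS", "dueDate": "2025-03-11",
     "precondition": "sslvpn_enabled"},
]

# Constructed inventory; hosts and attribute names are hypothetical.
INVENTORY = [
    {"host": "fw-edge-01", "product": "PAN-OS", "patched": False,
     "mgmt_web_reachable": True},
    {"host": "fw-core-02", "product": "PAN-OS", "patched": False,
     "mgmt_web_reachable": False},
    {"host": "vpn-gw-01", "product": "SonicOS", "patched": False,
     "sslvpn_enabled": True},
    {"host": "vpn-gw-02", "product": "SonicOS", "patched": True,
     "sslvpn_enabled": True},
]
ORDER = {"overdue": 0, "urgent": 1, "scheduled": 2}


def triage(inventory, kev_entries, today):
    """Return unpatched (host, CVE) findings, most urgent first."""
    findings = []
    for asset in inventory:
        if asset.get("patched"):
            continue
        for entry in kev_entries:
            if entry["product"].lower() != asset["product"].lower():
                continue
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            # Unknown exposure is treated as exposed (fail safe).
            exposed = asset.get(entry["precondition"], True)
            priority = ("overdue" if days_left < 0
                        else "urgent" if exposed else "scheduled")
            findings.append({"host": asset["host"], "cve": entry["cveID"],
                             "days_left": days_left, "priority": priority})
    return sorted(findings, key=lambda f: (ORDER[f["priority"]],
                                           f["days_left"], f["host"]))


if __name__ == "__main__":
    for finding in triage(INVENTORY, KEV_ENTRIES, date(2025, 2, 19)):
        print(finding)
```

Devices whose management interface or SSLVPN exposure is not recorded in the inventory are ranked as exposed, so gaps in asset data raise priority instead of hiding a finding.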
This incident highlights the importance of timely vulnerability disclosure and prompt remediation. As technology continues to evolve at an incredible pace, it is imperative that organizations stay vigilant and proactive in protecting themselves against emerging threats.
The addition of these vulnerabilities to CISA's KEV catalog serves as a stark reminder of the ongoing threat landscape and the need for robust cybersecurity measures. Organizations must remain vigilant and take swift action to address any identified vulnerabilities.
In light of this warning, it is essential that organizations assess their current security posture and consider implementing additional controls to prevent such exploits in the future. This may involve conducting regular vulnerability assessments, upgrading software and firmware to the latest versions, and enhancing overall cybersecurity practices.
By staying informed and proactive, organizations can reduce the risk of successful exploitation of these vulnerabilities and protect their networks from potential threats.
The impact of this incident cannot be overstated. As such, we will continue to monitor the situation closely and provide updates as necessary.
Related Information:
https://thehackernews.com/2025/02/cisa-adds-palo-alto-networks-and.html
https://nvd.nist.gov/vuln/detail/CVE-2025-0108
https://www.cvedetails.com/cve/CVE-2025-0108/
https://nvd.nist.gov/vuln/detail/CVE-2024-53704
https://www.cvedetails.com/cve/CVE-2024-53704/
https://nvd.nist.gov/vuln/detail/CVE-2024-9474
https://www.cvedetails.com/cve/CVE-2024-9474/
Published: Wed Feb 19 00:25:15 2025 by llama3.2 3B Q4_K_M