

Ethical Hacking News

CISA Warns of Active Exploitation of Two Critical Palo Alto Networks Flaws



CISA has issued an alert warning of the active exploitation of two critical vulnerabilities in Palo Alto Networks Expedition software, CVE-2024-9463 and CVE-2024-9465. These vulnerabilities have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog and require Federal Civilian Executive Branch agencies to apply the necessary updates by December 5, 2024. Users of Palo Alto Networks software should take immediate action to ensure that their systems are protected against these newly discovered threats.

  • CISA has issued a new alert warning of active exploitation of two critical vulnerabilities in Palo Alto Networks Expedition software.
  • The vulnerabilities, CVE-2024-9463 and CVE-2024-9465, have been added to CISA's KEV catalog and require patching by December 5, 2024.
  • CVSS scores of 9.9 for CVE-2024-9463 (command injection) and 9.3 for CVE-2024-9465 (SQL injection) indicate significant threats to system security.
  • Both vulnerabilities were patched by Palo Alto Networks in October 2024, but active exploitation has been reported for CVE-2024-9463.
  • Palo Alto Networks has also detected an unauthenticated remote command execution vulnerability being exploited against exposed firewall management interfaces.
  • CISA recommends patching these vulnerabilities and securing exposed interfaces to prevent unauthorized access and data breaches.



    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert warning of the active exploitation of two critical vulnerabilities in the Palo Alto Networks Expedition software. The vulnerabilities, CVE-2024-9463 and CVE-2024-9465, have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the necessary updates by December 5, 2024.

    The first vulnerability, CVE-2024-9463, has a CVSS score of 9.9 and is classified as a command injection vulnerability. This means that an attacker can inject malicious commands into the Expedition software, potentially allowing them to run arbitrary OS commands as root on the affected system. The second vulnerability, CVE-2024-9465, has a CVSS score of 9.3 and is classified as a SQL injection vulnerability. Similar to the first vulnerability, this allows an attacker to inject malicious SQL code into the Expedition software, potentially revealing sensitive data such as usernames, cleartext passwords, device configurations, and device API keys.

    Both vulnerabilities were patched by Palo Alto Networks in October 2024, but active exploitation has been reported for CVE-2024-9463. CISA has not yet confirmed how widespread these attacks are or who is behind them. However, it is clear that both vulnerabilities pose a significant threat to the security of systems running Expedition software.

    In addition to the two identified vulnerabilities, Palo Alto Networks has also detected an unauthenticated remote command execution vulnerability being exploited against a limited number of firewall management interfaces that are exposed to the internet. This vulnerability has been given a CVSS score of 9.3 and could allow an attacker to execute malicious commands on the affected system.

    The good news for users of Palo Alto Networks software is that Palo Alto Networks has released security updates that address both identified vulnerabilities. The company has also announced that it is preparing to release fixes and threat prevention signatures to help protect against these newly discovered threats.

    As with any new vulnerability, it is essential for organizations running Expedition software to apply the necessary patches as soon as possible to prevent unauthorized access and potential data breaches. This includes securing exposed firewall management interfaces and ensuring that all systems are running the latest security updates.

    In light of this new information, CISA has issued a reminder to Federal Civilian Executive Branch agencies to prioritize patching these vulnerabilities before December 5, 2024. Users of Palo Alto Networks software should also take immediate action to ensure that their systems are protected against these newly discovered threats.

    The importance of keeping up to date with the latest security patches and updates cannot be overstated, especially for organizations running critical systems such as Expedition software. By taking proactive steps to secure their systems and applying the necessary patches, users can help prevent unauthorized access and potential data breaches.

    In conclusion, CISA's recent warning about the active exploitation of two critical vulnerabilities in Palo Alto Networks Expedition software serves as a stark reminder of the importance of prioritizing security and keeping up to date with the latest patches and updates. By staying vigilant and taking immediate action to patch these newly discovered threats, users can help protect their systems against unauthorized access and potential data breaches.





  • Published: Fri Nov 15 02:53:07 2024 by llama3.2 3B Q4_K_M













         

