Ethical Hacking News
CISA has issued a warning about the active exploitation of two vulnerabilities in Palo Alto Networks Expedition firewalls. The vulnerabilities have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, which requires Federal Civilian Executive Branch (FCEB) agencies to apply the necessary updates by December 5, 2024. Following an initial alert about a third vulnerability, this latest warning underscores the ongoing importance of staying up-to-date with security patches and the need for proactive risk mitigation strategies in network security.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about two actively exploited vulnerabilities in Palo Alto Networks Expedition firewalls. The vulnerabilities, CVE-2024-9463 and CVE-2024-9465, allow unauthenticated attackers to run arbitrary OS commands as root or reveal sensitive information. Exploiting these vulnerabilities could enable attackers to create and read arbitrary files, gaining unchecked access to firewall management interfaces. CISA has added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, urging Federal Civilian Executive Branch agencies to apply updates by December 5, 2024.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the active exploitation of two vulnerabilities in the Palo Alto Networks Expedition firewalls, highlighting the importance of patching these security flaws as soon as possible. The two identified vulnerabilities, CVE-2024-9463 and CVE-2024-9465, have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, which requires Federal Civilian Executive Branch (FCEB) agencies to apply the necessary updates by December 5, 2024.
The two flaws are an OS command injection vulnerability and an SQL injection vulnerability in Palo Alto Networks Expedition. According to CISA, successful exploitation of these vulnerabilities could allow an unauthenticated attacker to run arbitrary OS commands as root in the Expedition migration tool or reveal its database contents. This could then lead to the disclosure of sensitive information such as usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
Furthermore, exploiting these vulnerabilities could enable attackers to create and read arbitrary files on the vulnerable system, effectively giving them unchecked access to the firewall management interfaces. The severity of this threat is underscored by CISA's addition of both vulnerabilities to its KEV catalog, with CVE-2024-9463 carrying a CVSS score of 9.9 and CVE-2024-9465 scoring 9.3.
CISA has emphasized that the attack vectors for these vulnerabilities are still unknown and that there is currently limited information available on how they are being exploited, who is behind the attacks, or the extent to which these vulnerabilities have been successfully exploited in the wild. However, Palo Alto Networks has acknowledged the threat and stated that it is actively monitoring incident reports.
In addition to addressing the two identified vulnerabilities, Palo Alto Networks also recently detected an unauthenticated remote command execution vulnerability being used against a limited subset of firewall management interfaces exposed to the internet. The company has given this vulnerability a CVSS score of 9.3 but does not have a CVE identifier assigned to it yet.
Palo Alto Networks is currently working on releasing fixes and threat prevention signatures as early as possible, urging its customers to secure their firewalls against this newly identified vulnerability. This highlights the ongoing importance of patching vulnerabilities in network security systems and emphasizes that even established companies like Palo Alto Networks can be affected by new threats.
CISA's efforts to alert agencies about these vulnerabilities come on the heels of a week in which it also notified them of active exploitation of CVE-2024-5910, another critical flaw affecting Expedition firewalls. This underscores the importance of staying vigilant and proactive when it comes to addressing emerging security risks.
In summary, two vulnerabilities in Palo Alto Networks Expedition firewalls have been identified as being actively exploited by attackers. These vulnerabilities, while not yet thoroughly understood, pose a significant threat due to their potential for allowing attackers to access sensitive data or gain control over firewall management interfaces. As such, it is imperative that affected organizations prioritize patching these vulnerabilities and take steps to secure their systems against this newly identified remote command execution vulnerability.
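To make the KEV deadline actionable, the following added example (not from the original article or from CISA) matches KEV-style entries against an asset inventory and lists unremediated hosts with the days left before the due date. The KEV records are a constructed sample using the field names of CISA's JSON feed and the CVE IDs and due date given above; the inventory format and host names are hypothetical.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed; only the fields used here.
KEV_SAMPLE = json.loads("""{"vulnerabilities": [
 {"cveID": "CVE-2024-9463", "vendorProject": "Palo Alto Networks", "product": "Expedition",
  "vulnerabilityName": "Palo Alto Networks Expedition OS Command Injection Vulnerability",
  "dueDate": "2024-12-05"},
 {"cveID": "CVE-2024-9465", "vendorProject": "Palo Alto Networks", "product": "Expedition",
  "vulnerabilityName": "Palo Alto Networks Expedition SQL Injection Vulnerability",
  "dueDate": "2024-12-05"}]}""")

# Hypothetical asset inventory (constructed): what runs where, and which CVEs
# each host has already been remediated for.
INVENTORY = [
    {"host": "migrate-01", "vendor": "Palo Alto Networks", "product": "Expedition",
     "remediated": ["CVE-2024-9463"]},
    {"host": "migrate-02", "vendor": "palo alto networks", "product": "expedition",
     "remediated": []},
    {"host": "web-01", "vendor": "Example Corp", "product": "ExampleApp", "remediated": []},
]

def _key(vendor, product):
    # Normalise case and whitespace so inventory spelling differences still match.
    return (vendor.strip().lower(), product.strip().lower())

def kev_findings(kev, inventory, today):
    """Return open (host, CVE) pairs for KEV-listed products, most urgent first."""
    by_product = {}
    for v in kev.get("vulnerabilities", []):
        by_product.setdefault(_key(v["vendorProject"], v["product"]), []).append(v)
    findings = []
    for asset in inventory:
        for v in by_product.get(_key(asset["vendor"], asset["product"]), []):
            if v["cveID"] in asset.get("remediated", []):
                continue  # already patched or mitigated on this host
            days_left = (date.fromisoformat(v["dueDate"]) - today).days
            findings.append({"host": asset["host"], "cve": v["cveID"],
                             "due": v["dueDate"], "days_left": days_left,
                             "status": "OVERDUE" if days_left < 0 else "OPEN"})
    return sorted(findings, key=lambda f: (f["days_left"], f["host"], f["cve"]))

if __name__ == "__main__":
    for f in kev_findings(KEV_SAMPLE, INVENTORY, date(2024, 11, 15)):
        print(f"{f['host']:<11} {f['cve']}  due {f['due']}  "
              f"{f['days_left']:>3}d  {f['status']}")
```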
Related Information:
https://thehackernews.com/2024/11/cisa-flags-critical-palo-alto-network.html
https://nvd.nist.gov/vuln/detail/CVE-2024-9463
https://www.cvedetails.com/cve/CVE-2024-9463/
https://nvd.nist.gov/vuln/detail/CVE-2024-9465
https://www.cvedetails.com/cve/CVE-2024-9465/
Published: Fri Nov 15 00:38:11 2024 by llama3.2 3B Q4_K_M