Ethical Hacking News
CISA Warns of Additional Palo Alto Networks Vulnerabilities Exploited in Wild Attacks
Recently, the United States Cybersecurity and Infrastructure Security Agency (CISA) released a statement informing the public about two additional critical security vulnerabilities found in Palo Alto Networks' Expedition migration tool. This alarming news comes as part of CISA's ongoing efforts to educate the nation on the current cybersecurity landscape.
The first vulnerability allows attackers to inject arbitrary commands into unpatched systems running the Expedition migration tool, while the second vulnerability enables attackers to access sensitive information such as usernames, cleartext passwords, device configurations, and even API keys of PAN-OS firewalls.
In light of this new information, it is crucial for organizations to take immediate action to patch their systems and protect themselves from these vulnerabilities.
Two critical security vulnerabilities were found in Palo Alto Networks' Expedition migration tool, identified as CVE-2024-9463 and CVE-2024-9465. The first vulnerability allows attackers to inject arbitrary commands into unpatched systems, while the second enables access to database contents and file system manipulation. Palo Alto Networks has released security updates addressing these issues in version 1.2.96 and later. Administrators are advised to restrict network access to authorized users, hosts, or networks until the software can be updated. The vulnerabilities combined expose sensitive information, including usernames, cleartext passwords, and device API keys. CISA has added these vulnerabilities to its Known Exploited Vulnerabilities Catalog and ordered federal agencies to patch servers within three weeks. Another critical security flaw was discovered in Palo Alto Networks' Expedition, a missing authentication vulnerability (CVE-2024-5910) that can be exploited for arbitrary command execution. CISA has also warned of potential PAN-OS RCE vulnerabilities and other attacks exploiting various software flaws.
The first vulnerability, tracked as CVE-2024-9463, allows attackers to inject arbitrary commands into unpatched systems running the Expedition migration tool. A malicious actor can exploit it to execute any command as root, gaining access to sensitive information such as usernames, cleartext passwords, device configurations, and even API keys of PAN-OS firewalls.
The second vulnerability, tracked as CVE-2024-9465, enables attackers to access Expedition database contents, including password hashes, usernames, device configurations, and device API keys. It also allows attackers to create or read arbitrary files on vulnerable systems.
Palo Alto Networks has since released security updates addressing these issues in Expedition 1.2.96 and later. The company advises administrators who cannot update the software immediately to restrict Expedition network access to authorized users, hosts, or networks.
According to a security advisory published by Palo Alto Networks in early October, both vulnerabilities combined expose sensitive information including usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. The company also emphasized that it's crucial for all Expedition usernames, passwords, and API keys to be rotated after upgrading to the fixed version of Expedition.
In addition, the cybersecurity agency has added both vulnerabilities to its Known Exploited Vulnerabilities Catalog, ordering federal agencies to patch Palo Alto Networks Expedition servers on their networks within three weeks, by December 5, as required by the binding operational directive (BOD 22-01).
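The remediation steps above (upgrade to 1.2.96 or later, restrict access until then, rotate credentials afterwards, meet the December 5 deadline) can be tracked per host. The following is an added example, not code from Palo Alto Networks or CISA: the KEV sample is constructed in the shape of CISA's JSON feed, and the inventory hosts and the `creds_rotated` flag are hypothetical.

```python
import json
from datetime import date

# Fixed release named in the article for CVE-2024-9463 and CVE-2024-9465.
FIXED_VERSION = (1, 2, 96)
# Constructed sample shaped like CISA's KEV JSON feed (cveID / dueDate fields).
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2024-9463", "product": "Expedition", "dueDate": "2024-12-05"},
  {"cveID": "CVE-2024-9465", "product": "Expedition", "dueDate": "2024-12-05"}
]}
""")
# Hypothetical inventory: host names, versions and rotation flags are constructed.
INVENTORY = [
    {"host": "exp-lab-01", "version": "1.2.95", "creds_rotated": False},
    {"host": "exp-mig-02", "version": "1.2.96", "creds_rotated": False},
    {"host": "exp-mig-03", "version": "1.2.100", "creds_rotated": True},
]

def parse_version(text):
    """Turn '1.2.96' into (1, 2, 96) so that 1.2.100 sorts above 1.2.96."""
    return tuple(int(part) for part in text.strip().split("."))

def triage(inventory, kev, today):
    """Return one finding per host: open CVEs, next action, and KEV deadline status."""
    due = min(date.fromisoformat(v["dueDate"]) for v in kev["vulnerabilities"])
    cves = sorted(v["cveID"] for v in kev["vulnerabilities"])
    findings = []
    for item in inventory:
        patched = parse_version(item["version"]) >= FIXED_VERSION
        if not patched:
            action = "upgrade, restrict network access until done, then rotate credentials"
        elif not item["creds_rotated"]:
            # A patched host still holds secrets that may already have been exposed.
            action = "rotate Expedition usernames, passwords and API keys"
        else:
            action = "none"
        findings.append({
            "host": item["host"],
            "open_cves": [] if patched else cves,
            "action": action,
            "days_left": (due - today).days,
            "overdue": not patched and today > due,
        })
    return findings

if __name__ == "__main__":
    for finding in triage(INVENTORY, KEV_SAMPLE, date(2024, 11, 14)):
        print(finding)
```

Comparing versions as integer tuples matters here: a plain string comparison would rank 1.2.100 below 1.2.96 and flag a patched host as vulnerable.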
Furthermore, CISA warned that another critical security flaw in Palo Alto Networks' Expedition, a missing authentication vulnerability (CVE-2024-5910) patched in July that can let threat actors reset application admin credentials, is being actively abused in attacks. The agency also noted that proof-of-concept exploit code released by Horizon3.ai vulnerability researcher Zach Hanley last month can help chain CVE-2024-5910 with another command injection vulnerability (CVE-2024-9464) patched in October to gain "unauthenticated" arbitrary command execution on vulnerable and Internet-exposed Expedition servers.
Lastly, the cybersecurity agency also warned of potential PAN-OS RCE (Remote Code Execution) vulnerabilities that could be exploited by attackers to hijack unpatched PAN-OS firewalls. Additionally, CISA has issued warnings about other attacks exploiting SolarWinds Web Help Desk, Fortinet RCE flaws, and Glove infostealer malware bypassing Chrome's cookie encryption.
In conclusion, the security landscape continues to evolve with new vulnerabilities being discovered regularly. It is crucial for organizations to stay informed and take proactive measures to protect themselves from these threats.
Related Information:
https://www.bleepingcomputer.com/news/security/cisa-warns-of-more-palo-alto-networks-bugs-exploited-in-attacks/
https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-palo-alto-networks-bug-exploited-in-attacks/
https://nvd.nist.gov/vuln/detail/CVE-2024-9463
https://www.cvedetails.com/cve/CVE-2024-9463/
https://nvd.nist.gov/vuln/detail/CVE-2024-9465
https://www.cvedetails.com/cve/CVE-2024-9465/
https://nvd.nist.gov/vuln/detail/CVE-2024-5910
https://www.cvedetails.com/cve/CVE-2024-5910/
https://nvd.nist.gov/vuln/detail/CVE-2024-9464
https://www.cvedetails.com/cve/CVE-2024-9464/
Published: Thu Nov 14 17:27:23 2024 by llama3.2 3B Q4_K_M