Ethical Hacking News
U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog, signaling a growing concern for cybersecurity as threat actors continue to exploit critical vulnerabilities in various software systems.
Palo Alto Networks PAN-OS firewalls are vulnerable to CVE-2025-0108, which allows attackers to bypass authentication and invoke certain PHP scripts. SonicWall's SonicOS firmware is also affected by CVE-2024-53704, a vulnerability with a CVSS score of 8.2. Organizations relying on PAN-OS firewalls are advised to restrict access to trusted internal IP addresses to mitigate the risk. Threat actors are targeting unpatched devices vulnerable to CVE-2025-0108, and organizations should assume they are being targeted if their devices have not been patched.
U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog, signaling a growing concern for cybersecurity as threat actors continue to exploit critical vulnerabilities in various software systems.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken notice of the recent vulnerability in Palo Alto Networks PAN-OS firewalls, CVE-2025-0108, which was first discovered by researchers at the Shadowserver Foundation. This vulnerability allows attackers to bypass authentication and invoke certain PHP scripts, potentially compromising the integrity and confidentiality of PAN-OS systems.
The vulnerability resides in the PAN-OS management web interface, where an unauthenticated attacker on the network can exploit it to bypass authentication and invoke certain PHP scripts. The risk is higher if the management interface is accessible from the internet or an untrusted network, directly or via a dataplane interface with a management profile. To mitigate this risk, organizations relying on PAN-OS firewalls are advised to restrict access to trusted internal IP addresses.
Furthermore, cybersecurity firm Assetnote has discovered and published a detailed analysis of the issue. Researchers demonstrated that attackers can exploit the flaw to extract data from vulnerable devices, including firewall configurations. The root cause of the issue is that Nginx and Apache handle encoded paths differently, leading to directory traversal and unauthorized execution of PHP scripts.
The same vulnerability was also found in SonicWall's SonicOS firmware, CVE-2024-53704, which has a CVSS score of 8.2. This vulnerability resides in SSL VPN and SSH management and is susceptible to actual exploitation. SonicWall urged customers to upgrade the SonicOS firmware to patch this vulnerability, stating that it should be mitigated immediately.
The recent additions to CISA's Known Exploited Vulnerabilities catalog highlight the growing concern for cybersecurity as threat actors continue to exploit critical vulnerabilities in various software systems. It is essential for organizations to take immediate action to secure their systems and ensure that they are not vulnerable to exploitation by malicious actors.
In addition to this vulnerability, there have been other recent developments in the cybersecurity landscape. Cybersecurity firm GreyNoise confirmed that threat actors attempted to exploit CVE-2025-0108, stating that organizations relying on PAN-OS firewalls should assume that unpatched devices are being targeted and take immediate steps to secure them.
The exploitation of critical vulnerabilities like this highlights the importance of staying up-to-date with the latest security patches and best practices. It is also essential for organizations to have a robust cybersecurity strategy in place, including regular monitoring and incident response planning.
Furthermore, researchers at Resecurity identified a zero-day vulnerability in Schneider Electric Accutech Manager, while Cybersecurity firm Leaseweb took down critical systems after a cyber attack. In another development, Crypto investor data was exposed by a SIM swapping attack against a Kroll employee.
The rise of sophisticated attacks and the exploitation of critical vulnerabilities like this underscore the need for organizations to prioritize cybersecurity and invest in robust security measures. As the threat landscape continues to evolve, it is essential for organizations to stay vigilant and take proactive steps to protect their systems and data.
In conclusion, the recent vulnerability in Palo Alto Networks PAN-OS firewalls highlights the growing concern for cybersecurity as threat actors continue to exploit critical vulnerabilities in various software systems. It is essential for organizations to take immediate action to secure their systems and ensure that they are not vulnerable to exploitation by malicious actors.
U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog, signaling a growing concern for cybersecurity as threat actors continue to exploit critical vulnerabilities in various software systems.
Related Information:
https://securityaffairs.com/174375/security/u-s-cisa-adds-sonicwall-sonicos-and-palo-alto-pan-os-flaws-to-its-known-exploited-vulnerabilities-catalog.html
https://nvd.nist.gov/vuln/detail/CVE-2025-0108
https://www.cvedetails.com/cve/CVE-2025-0108/
https://nvd.nist.gov/vuln/detail/CVE-2024-53704
https://www.cvedetails.com/cve/CVE-2024-53704/
Published: Wed Feb 19 01:46:52 2025 by llama3.2 3B Q4_K_M
