Article Details

Scrape Timestamp (UTC): 2024-11-15 05:08:47.873

Source: https://thehackernews.com/2024/11/cisa-flags-critical-palo-alto-network.html

Original Article Text

CISA Flags Critical Palo Alto Network Flaws Actively Exploited in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition have come under active exploitation in the wild. To that end, it has added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the necessary updates by December 5, 2024.

The security flaws are listed below -

Successful exploitation of the vulnerabilities could allow an unauthenticated attacker to run arbitrary OS commands as root in the Expedition migration tool or reveal its database contents. This could then pave the way for disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls, or for the creation and reading of arbitrary files on the vulnerable system.

Palo Alto Networks addressed these shortcomings as part of security updates released on October 9, 2024. The company has since revised its original advisory to acknowledge that it's "aware of reports from CISA that there is evidence of active exploitation for CVE-2024-9463 and CVE-2024-9465."

That said, not much is known about how these vulnerabilities are being exploited, by whom, and how widespread these attacks are. The development also came a week after CISA was notified of the active exploitation of CVE-2024-5910 (CVSS score: 9.3), another critical flaw affecting Expedition.

Palo Alto Networks Confirms New Flaw Under Limited Attack

Palo Alto Networks has since also confirmed that it has detected an unauthenticated remote command execution vulnerability being weaponized against a small subset of firewall management interfaces that are exposed to the internet, urging customers to secure them.

"Palo Alto Networks has observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces which are exposed to the internet," it added. The company, which is investigating the malicious activity and has given the vulnerability a CVSS score of 9.3 (no CVE identifier), also said it's "preparing to release fixes and threat prevention signatures as early as possible."

Daily Brief Summary

CYBERCRIME // CISA Alerts on Actively Exploited Palo Alto Network Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities in Palo Alto Networks Expedition to its KEV catalog due to active exploitation.

These vulnerabilities allow an unauthenticated attacker to execute arbitrary OS commands or access sensitive data including usernames, passwords, and API keys.

Exploited vulnerabilities could lead to the exposure of database contents or unauthorized access to device configurations.

Affected FCEB agencies are mandated to apply security patches by December 5, 2024, following guidance from CISA.

Palo Alto Networks released updates on October 9, 2024, to address these vulnerabilities and revised their advisory following CISA’s exploitation reports.

Another related critical flaw (CVE-2024-5910) was recently discovered, also under active exploitation, further highlighting ongoing security risks.

Palo Alto Networks has detected a separate critical remote command execution vulnerability being exploited against a limited number of internet-exposed firewall management interfaces, with fixes in progress.