Home Security CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed

CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed

by


Nov 15, 2024Ravie LakshmananNetwork Security / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition software have come under active exploitation in the wild.

To that end, it has added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the necessary updates by December 5, 2024.

Cybersecurity

The security flaws are listed below –

  • CVE-2024-9463 (CVSS score: 9.9) – Palo Alto Networks Expedition OS Command Injection Vulnerability
  • CVE-2024-9465 (CVSS score: 9.3) – Palo Alto Networks Expedition SQL Injection Vulnerability

Successful exploitation of the vulnerabilities could allow an unauthenticated attacker to run arbitrary OS commands as root in the Expedition migration tool or reveal its database contents.

This could then pave the way for disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls, or create and read arbitrary files on the vulnerable system.

Palo Alto Networks addressed these shortcomings as part of security updates released on October 9, 2024. The company has since revised its original advisory to acknowledge that it’s “aware of reports from CISA that there is evidence of active exploitation for CVE-2024-9463 and CVE-2024-9465.”

That said, not much is known about how these vulnerabilities are being exploited, by whom, and how widespread these attacks are.

The development also came a week after CISA notified organizations of the active exploitation of CVE-2024-5910 (CVSS score: 9.3), another critical flaw affecting Expedition.

Palo Alto Networks Confirms New Flaw Under Limited Attack

Cybersecurity

Palo Alto Networks has since also confirmed that it has detected an unauthenticated remote command execution vulnerability being weaponized against a small subset of firewall management interfaces that are exposed to the internet, urging customers to secure them.

“Palo Alto Networks has observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces which are exposed to the internet,” it added.

The company, which is investigating the malicious activity and has given the vulnerability a CVSS score of 9.3 (no CVE identifier), also said it’s “preparing to release fixes and threat prevention signatures as early as possible.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex