The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Thursday added a now-patched important security flaw impacting Palo Alto Networks Expedition to its Identified Exploited Vulnerabilities (KEV) catalog, citing proof of energetic exploitation.
The vulnerability, tracked as CVE-2024-5910 (CVSS rating: 9.3), considerations a case of lacking authentication within the Expedition migration software that might result in an admin account takeover.
“Palo Alto Expedition comprises a lacking authentication vulnerability that permits an attacker with community entry to takeover an Expedition admin account and probably entry configuration secrets and techniques, credentials, and different knowledge,” CISA mentioned in an alert.
The shortcoming impacts all variations of Expedition previous to model 1.2.92, which was launched in July 2024 to plug the issue.
There are at the moment no stories on how the vulnerability is being weaponized in real-world assaults, however Palo Alto Networks has since revised its authentic advisory to acknowledge that it is “conscious of stories from CISA that there’s proof of energetic exploitation.”
Additionally added to the KEV catalog are two different flaws, together with a privilege escalation vulnerability within the Android Framework part (CVE-2024-43093) that Google disclosed this week as having come beneath “restricted, focused exploitation.”
The opposite security defect is CVE-2024-51567 (CVSS rating: 10.0), a important flaw affecting CyberPanel that permits a distant, unauthenticated attacker to execute instructions as root. The difficulty has been resolved in model 2.3.8.
In late October 2023, it emerged that the vulnerability was being exploited en masse by malicious actors to deploy PSAUX ransomware on greater than 22,000 internet-exposed CyberPanel situations, in keeping with LeakIX and a security researcher who goes by the web alias Gi7w0rm.
LeakIX additionally famous that three distinct ransomware teams have rapidly capitalized on the vulnerability, with recordsdata encrypted a number of instances in some instances.
Federal Civilian Govt Department (FCEB) businesses have been beneficial to remediate the recognized vulnerabilities by November 28, 2024, to safe their networks in opposition to energetic threats.