The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Thursday warned that two extra flaws impacting the Palo Alto Networks Expedition software program have come beneath energetic exploitation within the wild.
To that finish, it has added the vulnerabilities to its Recognized Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Government Department (FCEB) businesses to use the required updates by December 5, 2024.
The security flaws are listed beneath –
- CVE-2024-9463 (CVSS rating: 9.9) – Palo Alto Networks Expedition OS Command Injection Vulnerability
- CVE-2024-9465 (CVSS rating: 9.3) – Palo Alto Networks Expedition SQL Injection Vulnerability
Profitable exploitation of the vulnerabilities might enable an unauthenticated attacker to run arbitrary OS instructions as root within the Expedition migration software or reveal its database contents.
This might then pave the way in which for disclosure of usernames, cleartext passwords, machine configurations, and machine API keys of PAN-OS firewalls, or create and browse arbitrary recordsdata on the susceptible system.
Palo Alto Networks addressed these shortcomings as a part of security updates launched on October 9, 2024. The corporate has since revised its authentic advisory to acknowledge that it is “conscious of reviews from CISA that there’s proof of energetic exploitation for CVE-2024-9463 and CVE-2024-9465.”
That stated, not a lot is thought about how these vulnerabilities are being exploited, by whom, and the way widespread these assaults are.
The event additionally got here every week after CISA notified organizations of the energetic exploitation of CVE-2024-5910 (CVSS rating: 9.3), one other important flaw affecting Expedition.
Palo Alto Networks Confirms New Flaw Beneath Restricted Attack
Palo Alto Networks has since additionally confirmed that it has detected an unauthenticated distant command execution vulnerability being weaponized towards a small subset of firewall administration interfaces which might be uncovered to the web, urging clients to safe them.
“Palo Alto Networks has noticed menace exercise exploiting an unauthenticated distant command execution vulnerability towards a restricted variety of firewall administration interfaces that are uncovered to the web,” it added.
The corporate, which is investigating the malicious exercise and has given the vulnerability a CVSS rating of 9.3 (no CVE identifier), additionally stated it is “making ready to launch fixes and menace prevention signatures as early as doable.”
