Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

CISA flags two more major Palo Alto security issues, so patch now

A person at a laptop with a cybersecure lock symbol floating above it.

  • Two Palo Alto bugs are being abused in the wild, CISA warns
  • Flaws added to KEV catalog, giving federal agencies a deadline to patch
  • The bug can be abused to steal sensitive data and create arbitrary files

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two new bugs to its Known Exploited Vulnerabilities (KEV) catalog, signaling in-the-wild abuse.

The bugs were found in Palo Alto Networks' Expedition migration tool, the same tool that has had a separate vulnerability added to the catalog recently.

The newly-added flaws are an unauthenticated command injection bug (CVE-2024-9463), and an SQL injection flaw (CVE-2024-9465). The former allows threat actors to run arbitrary commands as root on the operating system, thus accessing usernames, passwords in cleartext, device configurations, and API keys for PAN-OS firewalls. The latter, however, allows crooks to access the Expedition database, where password hashes, usernames, device configurations, and device API keys can be found. Furthermore, the bug allows crooks to read, or create, arbitrary files on the system.

Deadline to patch

A hotfix seems to be available already, and those worried about being exploited should bring their Expedition tool to version 1.2.96, or later. Those who cannot install the patch immediately should restrict Expedition network access to authorized users, hosts, or networks, Palo Alto Networks advised.

When a vulnerability is added to KEV, it not only means that it is being exploited in attacks, but also that federal agencies have a deadline to patch, or stop using the flawed solution altogether. That deadline is typically 21 days from the date the bug is added to the catalog.

CISA recently added CVE-2024-5910 to KEV, a bug described as a missing authentication for a critical function, which can lead to Expedition admin account takeover for crooks with network access.

Palo Alto Networks Expedition is a tool designed to simplify and automate the process of migrating and optimizing security policies for Palo Alto Networks' next-generation firewalls. It enables users to transition from legacy firewall configurations to Palo Alto Networks' security platforms while reducing manual efforts and minimizing errors.

Via BleepingComputer

You might also like

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.