CISA flags two more major Palo Alto security issues, so patch now
- Two Palo Alto insects are being abused in the wild, CISA warns
- Added flaws to the KEV catalog, giving federal agencies a deadline to patch
- The bug can be exploited to steal sensitive data and create arbitrary files
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new bugs to the Known Exploited Vulnerabilities (KEV) catalog, which indicate exploitation in the wild.
The bugs were found in Palo Alto Networks’ Expedition migration tool, the same tool that recently had a separate vulnerability added to its catalog.
The newly added bugs are an unauthenticated command injection bug (CVE-2024-9463) and an SQL injection bug (CVE-2024-9465). The former allows threat actors to execute arbitrary commands as root on the operating system, gaining access to usernames, plaintext passwords, device configurations, and API keys for PAN-OS firewalls. However, the latter gives criminals access to the Expedition database, where password hashes, usernames, device configurations, and device API keys can be found. Furthermore, the bug allows criminals to read or create arbitrary files on the system.
Patching deadline
There appears to be a hotfix already available, and those concerned about exploitation should update their expedition tool to version 1.2.96 or higher. Those who cannot immediately install the patch should restrict access to the Expedition network to authorized users, hosts or networks, Palo Alto Networks advised.
When a vulnerability is added to KEV, it not only means that it will be exploited in attacks, but also that federal agencies have a deadline to patch the flawed solution or stop it altogether. That deadline is typically 21 days from the date the bug is added to the catalog.
CISA recently added CVE-2024-5910 to KEV, a bug described as a missing authentication for a critical function, which could lead to the takeover of Expedition administrator accounts by scammers with network access.
Palo Alto Networks Expedition is a tool designed to simplify and automate the process of migrating and optimizing security policies for Palo Alto Networks next generation firewalls. It enables users to move from legacy firewall configurations to Palo Alto Networks security platforms while reducing manual efforts and minimizing errors.
Via BleepingComputer