CISA flags two more major Palo Alto security issues, so patch now

CISA adds two more Palo Alto Networks Expedition flaws to KEV list

· TechRadar

News By Sead Fadilpašić published 15 November 2024


  • Two Palo Alto bugs are being abused in the wild, CISA warns
  • Flaws added to KEV catalog, giving federal agencies a deadline to patch
  • The bug can be abused to steal sensitive data and create arbitrary files

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two new bugs to its Known Exploited Vulnerabilities (KEV) catalog, signaling in-the-wild abuse.

The bugs were found in Palo Alto Networks' Expedition migration tool, the same tool that has had a separate vulnerability added to the catalog recently.

The newly added flaws are an unauthenticated command injection bug (CVE-2024-9463) and an SQL injection flaw (CVE-2024-9465). The former allows threat actors to run arbitrary commands as root on the operating system, thus accessing usernames, passwords in cleartext, device configurations, and API keys for PAN-OS firewalls. The latter allows crooks to access the Expedition database, where password hashes, usernames, device configurations, and device API keys can be found. Furthermore, the bug allows crooks to read, or create, arbitrary files on the system.

Deadline to patch

A hotfix seems to be available already, and those worried about being exploited should bring their Expedition tool to version 1.2.96 or later. Those who cannot install the patch immediately should restrict Expedition network access to authorized users, hosts, or networks, Palo Alto Networks advised.

When a vulnerability is added to KEV, it not only means that it is being exploited in attacks, but also that federal agencies have a deadline to patch, or stop using the flawed solution altogether. That deadline is typically 21 days from the date the bug is added to the catalog.

CISA recently added CVE-2024-5910 to KEV, a bug described as a missing authentication for a critical function, which can lead to Expedition admin account takeover for crooks with network access.

Palo Alto Networks Expedition is a tool designed to simplify and automate the process of migrating and optimizing security policies for Palo Alto Networks' next-generation firewalls. It enables users to transition from legacy firewall configurations to Palo Alto Networks' security platforms while reducing manual efforts and minimizing errors.
