Headline
CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), concerns a case of missing authentication in the Expedition migration tool that
Vulnerability / Network Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), concerns a case of missing authentication in the Expedition migration tool that could lead to an admin account takeover.
“Palo Alto Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data,” CISA said in an alert.
The shortcoming impacts all versions of Expedition prior to version 1.2.92, which was released in July 2024 to plug the problem.
There are currently no reports on how the vulnerability is being weaponized in real-world attacks, but Palo Alto Networks has since revised its original advisory to acknowledge that it’s “aware of reports from CISA that there is evidence of active exploitation.”
Also added to the KEV catalog are two other flaws, including a privilege escalation vulnerability in the Android Framework component (CVE-2024-43093) that Google disclosed this week as having come under “limited, targeted exploitation.”
The other security defect is CVE-2024-51567 (CVSS score: 10.0), a critical flaw affecting CyberPanel that allows a remote, unauthenticated attacker to execute commands as root. The issue has been resolved in version 2.3.8.
In late October 2023, it emerged that the vulnerability was being exploited en masse by malicious actors to deploy PSAUX ransomware on more than 22,000 internet-exposed CyberPanel instances, according to LeakIX and a security researcher who goes by the online alias Gi7w0rm.
LeakIX also noted that three distinct ransomware groups have quickly capitalized on the vulnerability, with files encrypted multiple times in some cases.
Federal Civilian Executive Branch (FCEB) agencies have been recommended to remediate the identified vulnerabilities by November 28, 2024, to secure their networks against active threats.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Related news
Google has released patches for two zero-days and a lot of other high level vulnerabilities.
Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories and its sub-directories,
Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover. "Missing authentication