The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about active exploitation of multiple critical Palo Alto Networks vulnerabilities and these vulnerabilities were detected in Palo Alto Networks’ Expedition migration tool.
The agency has added two high-severity flaws to its Known Exploited Vulnerabilities (KEV) catalog, signaling an immediate threat to organizations using the affected software.
The vulnerabilities in question are CVE-2024-9463, an OS command injection flaw, and CVE-2024-9465, an SQL injection vulnerability. Both carry critical severity ratings with CVSS scores of 9.9 and 9.2, respectively.
These security holes allow unauthenticated attackers to execute arbitrary commands with root privileges and access sensitive information, including usernames, passwords, device configurations, and API keys of PAN-OS firewalls.
Palo Alto Networks released patches for these vulnerabilities in October 2024, affecting Expedition versions prior to 1.2.96. However, CISA’s alert indicates that despite the availability of fixes, malicious actors are actively exploiting these weaknesses in the wild.
Free Ultimate Continuous Security Monitoring Guide - Download Here (PDF)
Vulnerabilities In The KEV
The inclusion of these vulnerabilities in the KEV catalog underscores the urgency of the situation. Federal Civilian Executive Branch (FCEB) agencies are now required to remediate these vulnerabilities by November 28, 2024, as mandated by Binding Operational Directive (BOD).
While the directive applies specifically to federal agencies, CISA strongly urges all organizations to prioritize patching these vulnerabilities immediately. The potential impact of successful exploitation is severe, potentially leading to full system compromise and unauthorized access to critical network infrastructure.
Security researchers have already published proof-of-concept exploits for some of the Expedition vulnerabilities, further increasing the risk of widespread attacks. Organizations are advised to not only patch their systems but also to conduct thorough security assessments to identify any potential compromises.
In addition to patching, CISA recommends implementing additional security measures such as restricting network access to Expedition systems, enforcing strong authentication mechanisms, and monitoring for suspicious activities.
If immediate patching is not possible, organizations should consider temporarily disabling Expedition if it’s not critical for operations.
This incident serves as a stark reminder of the ongoing cat-and-mouse game between cybersecurity professionals and malicious actors. It highlights the critical importance of prompt patching and proactive vulnerability management in maintaining a robust security posture.
As cyber threats continue to evolve, organizations must remain vigilant and responsive to protect their digital assets and sensitive information.
Analyze Unlimited Phishing & Malware with ANY.RUN For Free - 14 Days Free Trial.