The Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent warnings regarding two critical vulnerabilities currently being exploited in the wild.
These security flaws affect Palo Alto Networks’ Expedition tool and Google’s Android operating system, potentially exposing countless devices and networks to serious threats.
CISA has alerted users to a critical missing authentication vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition, a migration tool that converts firewall configurations from various vendors to PAN-OS.
This flaw allows attackers with network access to take over an Expedition admin account, potentially accessing sensitive configuration secrets, credentials, and other critical data.
Challenges that MDR can help you resolve -> Get a Free Guide
The vulnerability, patched in July, affects Expedition versions prior to 1.2.92. Threat actors can exploit this flaw to reset application admin credentials on Internet-exposed Expedition servers.
CISA has added CVE-2024-5910 to its Known Exploited Vulnerabilities Catalog, mandating U.S. federal agencies to secure vulnerable servers by November 28.
Simultaneously, Google has disclosed an actively exploited vulnerability (CVE-2024-43093) in the Android operating system.
This privilege escalation flaw in the Android Framework component allows unauthorized access to sensitive directories such as “Android/data,” “Android/obb,” and “Android/sandbox,” along with their subdirectories.
This vulnerability affects Android versions 12, 13, 14, and 15 and poses a significant risk to a wide range of devices across the Android ecosystem.
Google has confirmed evidence of limited, targeted exploitation, emphasizing the critical need for users to apply the latest security updates.
These vulnerabilities underscore the ongoing challenges in cybersecurity and the importance of prompt patching. For Palo Alto Networks customers, it’s crucial to restrict Expedition network access to authorized users, hosts, or networks, and to rotate all usernames, passwords, and API keys after upgrading to the fixed version.
Android users are strongly advised to install the November 2024 security update as soon as possible. This update addresses not only CVE-2024-43093 but also another actively exploited vulnerability, CVE-2024-43047, which affects Qualcomm chipsets.
As these vulnerabilities are already being exploited in targeted attacks, the cybersecurity community emphasizes the urgency of applying these patches. Delaying updates leaves devices and networks exposed to potential compromise, data theft, and other malicious activities.
Both organizations and individual users must prioritize cybersecurity hygiene, including regular system updates and vigilant monitoring for potential threats. As the digital landscape continues to evolve, staying informed and proactive remains crucial in safeguarding against emerging cyber threats.
Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!