Palo Alto Networks, a leading cybersecurity company, has issued an urgent warning to its customers about critical vulnerabilities in its Expedition solution that could allow attackers to hijack PAN-OS firewalls.
Palo Alto urges users to patch these security flaws immediately, as public exploit code is already available.
The vulnerabilities were found in Palo Alto Networks’ Expedition solution, which migrates configurations from other vendors’ firewalls.
These flaws can be exploited to access sensitive data, including user credentials, potentially leading to a complete takeover of firewall admin accounts.
The most severe vulnerability, CVE-2024-9463, has a CVSS score of 9.9 out of 10, indicating its critical nature.
This flaw allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in the disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
Other significant vulnerabilities include:
- CVE-2024-9464 (CVSS 9.3): An authenticated command injection vulnerability.
- CVE-2024-9465 (CVSS 9.2): An unauthenticated SQL injection vulnerability.
- CVE-2024-9466 (CVSS 8.2): A cleartext storage of sensitive information vulnerability.
- CVE-2024-9467 (CVSS 7.0): A reflected cross-site scripting (XSS) vulnerability.
Security researcher Zach Hanley from Horizon3.ai, who discovered four of these vulnerabilities, has published a root cause analysis and a proof-of-concept exploit.
The exploit chains the CVE-2024-5910 admin reset flaw with the CVE-2024-9464 command injection vulnerability to gain unauthenticated arbitrary command execution on vulnerable Expedition servers.
Palo Alto Networks has released fixes for all listed issues in Expedition version 1.2.96 and later. The company strongly recommends that all Expedition usernames, passwords, and API keys be rotated after upgrading to the fixed version.
Additionally, all firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating.
For administrators who cannot immediately deploy the security updates, Palo Alto Networks advises restricting Expedition network access to authorized users, hosts, or networks.
No Evidence of Exploitation in the Wild
As of now, Palo Alto Networks states that there is no evidence of these security flaws being exploited in attacks. However, given the availability of public exploit code, the risk of exploitation is significant.
Organizations using Palo Alto Networks’ Expedition solution should take immediate action to mitigate these vulnerabilities and protect their network infrastructure from potential attacks.