U.S. Agency CISA Warns: Palo Alto Networks Vulnerability Puts Federal Systems at Risk
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical security flaw in Palo Alto Networks’ Expedition tool. This vulnerability, which has been exploited in recent attacks, allows unauthorized access to sensitive information on exposed servers, posing serious risks to both federal and private networks.
Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued a high-priority alert regarding a critical vulnerability in Palo Alto Networks’ Expedition, a widely used tool that aids organizations in migrating firewall configurations from other vendors, such as Check Point and Cisco, to Palo Alto’s PAN-OS system. The flaw, officially identified as CVE-2024-5910, was patched in July; however, unpatched versions of Expedition remain susceptible to exploitation by cyber attackers.
The flaw allows attackers to remotely reset administrative credentials on servers where Expedition is accessible via the internet. By exploiting this missing authentication check, attackers can gain unauthorized access to the Expedition tool, potentially leading to control over configuration data, sensitive credentials, and other stored information.
CISA’s warning highlights that Horizon3.ai researcher Zach Hanley recently demonstrated how this vulnerability could be combined with another flaw, CVE-2024-9464, a command injection vulnerability patched last month. By chaining these flaws, attackers could execute arbitrary commands on vulnerable Expedition servers without authentication, allowing them to manipulate firewall settings and compromise networks.
CISA has now added this vulnerability to its Known Exploited Vulnerabilities Catalog, emphasizing that U.S. federal agencies are mandated to secure their vulnerable Expedition servers against potential attacks by November 28, as required by Binding Operational Directive (BOD) 22-01, issued in November 2021. This urgency reflects the high-risk nature of such vulnerabilities, which often serve as entry points for malicious cyber activities targeting critical systems.
Palo Alto Networks has also issued advisories, recommending all users rotate usernames, passwords, and API keys associated with the Expedition tool and PAN-OS firewalls following any updates. For those unable to immediately apply security patches, the cybersecurity agency advises restricting network access to the Expedition servers to mitigate risks.
CISA’s alert underscores the ongoing threats posed by missing or inadequate authentication mechanisms in widely used cybersecurity tools, urging organizations to act quickly in securing their networks against potential exploitation of this vulnerability.