• CISA flags two more major Palo Alto security issues, so patch now

    From TechnologyDaily@1337:1/100 to All on Friday, November 15, 2024 14:45:05
    CISA flags two more major Palo Alto security issues, so patch now

    Date:
    Fri, 15 Nov 2024 14:40:00 +0000

    Description:
    CISA adds two more Palo Alto Networks Expedition flaws to KEV, and urges
    users to patch.

    FULL STORY
    ======================================================================
    • Two Palo Alto bugs are being abused in the wild, CISA warns
    • Flaws added to KEV catalog, giving federal agencies a deadline to patch
    • The bug can be abused to steal sensitive data and create arbitrary files

    The US Cybersecurity and Infrastructure Security Agency (CISA) has added two new bugs to its Known Exploited Vulnerabilities (KEV) catalog, signaling in-the-wild abuse.

    The bugs were found in Palo Alto Networks' Expedition migration tool, the
    same tool that has had a separate vulnerability added to the catalog recently.

    The newly-added flaws are an unauthenticated command injection bug (CVE-2024-9463), and an SQL injection flaw (CVE-2024-9465). The former allows threat actors to run arbitrary commands as root on the operating system, thus accessing usernames, passwords in cleartext, device configurations, and API keys for PAN-OS firewalls. The latter, however, allows crooks to access the Expedition database, where password hashes, usernames, device configurations, and device API keys can be found. Furthermore, the bug allows crooks to read, or create, arbitrary files on the system.

    Deadline to patch

    A hotfix seems to be available already, and those worried about being exploited should bring their Expedition tool to version 1.2.96, or later. Those who cannot install the patch immediately should restrict Expedition network access to authorized users, hosts, or networks, Palo Alto Networks advised.

    When a vulnerability is added to KEV, it not only means that it is being exploited in attacks, but also that federal agencies have a deadline to
    patch, or stop using the flawed solution altogether. That deadline is typically 21 days from the date the bug is added to the catalog.

    CISA recently added CVE-2024-5910 to KEV, a bug described as a missing authentication for a critical function, which can lead to Expedition admin account takeover for crooks with network access.

    Palo Alto Networks Expedition is a tool designed to simplify and automate the process of migrating and optimizing security policies for Palo Alto Networks' next-generation firewalls. It enables users to transition from legacy
    firewall configurations to Palo Alto Networks' security platforms while reducing manual efforts and minimizing errors.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/cisa-flags-two-more-major-palo-alto-security-issues-so-patch-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)