Palo Alto Networks Expedition, a migration tool that helps convert firewall configurations from Checkpoint, Cisco, and other vendors to PAN-OS, has a severe missing-authentication vulnerability that attackers are actively exploiting, according to a warning issued by CISA today.
By exploiting this flaw, tracked as CVE-2024-5910 and patched in July, threat actors can remotely reset the application's admin credentials on Internet-exposed Expedition servers.
“Palo Alto Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data,” CISA says.
Horizon3.ai vulnerability researcher Zach Hanley published a proof-of-concept exploit in October that chains this admin-reset flaw with CVE-2024-9464, a command injection vulnerability patched last month, to gain "unauthenticated" arbitrary command execution on vulnerable Expedition servers. CISA has not yet disclosed further details about the attacks it has observed.
Chaining CVE-2024-9464 with additional security weaknesses (which Palo Alto Networks also fixed in October) makes it possible to take over firewall admin accounts and, through them, PAN-OS firewalls.
Administrators who cannot deploy the security updates right away are advised to restrict network access to Expedition to approved users, hosts, or networks in order to block incoming attacks.
“All Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition. All firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating,” the company cautions.
Palo Alto Networks has not yet updated its security advisory for CVE-2024-5910 to reflect the ongoing attacks.
On Thursday, CISA also added the vulnerability to its Known Exploited Vulnerabilities catalog. Under Binding Operational Directive 22-01, published in November 2021, U.S. federal agencies now have three weeks, until November 28, to secure their networks against attacks on vulnerable Palo Alto Networks Expedition servers.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” the cybersecurity agency warned.