
    CISA Warns of Ongoing Exploits Targeting Critical Vulnerability in Palo Alto Networks’ Expedition Tool

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding an actively exploited security flaw in Palo Alto Networks’ Expedition tool, adding it to its Known Exploited Vulnerabilities (KEV) catalog on Thursday. This vulnerability, identified as CVE-2024-5910 with a critical CVSS score of 9.3, allows attackers to hijack administrative accounts due to a missing authentication mechanism in the Expedition migration tool.

    According to CISA, “Palo Alto Expedition contains a missing authentication vulnerability that permits attackers with network access to seize control of an Expedition admin account, potentially exposing configuration secrets, credentials, and other sensitive data.”

    This vulnerability affects all versions of Expedition released before version 1.2.92, which Palo Alto Networks published in July 2024 to fix the flaw. No specific attack methods have been reported in the wild, but Palo Alto Networks has since updated its advisory to confirm that it is aware of the evidence of active exploitation reported by CISA.

    Two additional vulnerabilities have also been added to CISA’s KEV catalog. The first, CVE-2024-43093, is a privilege escalation flaw in the Android Framework, which Google recently disclosed has been exploited in limited, targeted attacks. The second, CVE-2024-51567, carries a CVSS score of 10.0 and impacts CyberPanel, allowing unauthenticated remote attackers to execute commands with root privileges. This CyberPanel vulnerability, patched in version 2.3.8, has already been exploited on a large scale, with over 22,000 CyberPanel instances compromised by ransomware known as PSAUX, according to LeakIX and security researcher Gi7w0rm.

    LeakIX further observed that three different ransomware groups have exploited this vulnerability, with some files being encrypted multiple times by separate actors.

    Federal Civilian Executive Branch (FCEB) agencies are advised to address these vulnerabilities by November 28, 2024, to mitigate the risks associated with these active cyber threats.
