The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert and added two new vulnerabilities related to Palo Alto Networks to its Known Exploited Vulnerabilities Catalog.
These vulnerabilities, CVE-2024-9463 and CVE-2024-9465, are reportedly being actively exploited by malicious cyber actors. CISA emphasizes that both vulnerabilities pose significant risks, particularly to federal systems.
CVE-2024-9463: Palo Alto Networks Expedition OS Command Injection Vulnerability
The first vulnerability, CVE-2024-9463, is an OS Command Injection flaw in Palo Alto Networks’ Expedition tool, which may allow attackers to execute arbitrary code on the affected system.
This type of vulnerability is especially dangerous because it gives threat actors the ability to take control of a system and launch further attacks, escalating their access across the network.
CVE-2024-9465: Palo Alto Networks Expedition SQL Injection Vulnerability
The second vulnerability, CVE-2024-9465, is an SQL Injection vulnerability in the same Expedition tool.
This flaw allows attackers to manipulate database queries, potentially stealing, modifying, or deleting sensitive data.
SQL Injection vulnerabilities are a common attack vector for cybercriminals, making this a critical issue for organizations using the impacted versions of Expedition.
Federal Civilian Executive Branch (FCEB) agencies are required to address these vulnerabilities by the established deadlines.
The Known Exploited Vulnerabilities Catalog, created by BOD 22-01, is a dynamic list that serves as a critical resource for organizations looking to mitigate cyber risks.
It includes vulnerabilities that are actively exploited and pose a significant threat to federal networks.
While BOD 22-01 directly applies to federal agencies, CISA strongly urges all organizations, both public and private, to prioritize the timely remediation of vulnerabilities listed in the catalog.
Organizations should incorporate these steps as part of their comprehensive vulnerability management strategies to reduce exposure to cyberattacks.