CISA warned today that attackers are exploiting a critical missing authentication vulnerability in Palo Alto Networks Expedition, a migration tool that can help convert firewall configurations from Checkpoint, Cisco, and other vendors to PAN-OS.
This security flaw, tracked as CVE-2024-5910, was patched in July, and threat actors can remotely exploit it to reset application admin credentials on Internet-exposed Expedition servers.
“Palo Alto Expedition contains a missing authentication vulnerability that allows an attacker with network access to take over an Expedition admin account and potentially access configuration secrets, credentials, and other data,” CISA says.
While the cybersecurity agency has yet to provide more details on these attacks, Horizon3.ai vulnerability researcher Zach Hanley released a proof-of-concept exploit in October that can help chain this admin reset flaw with a CVE-2024-9464 command injection vulnerability (patched last month) to gain “unauthenticated” arbitrary command execution on vulnerable Expedition servers.
CVE-2024-9464 can be chained with other security flaws (also addressed by Palo Alto Networks in October) to take over firewall admin accounts and hijack PAN-OS firewalls.
Admins who cannot immediately install the security updates to block incoming attacks are advised to restrict Expedition network access to authorized users, hosts, or networks.
“All Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition. All firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating,” the company cautions.
Palo Alto Networks has yet to update its security advisory to warn customers of ongoing CVE-2024-5910 attacks.
CISA also added the vulnerability to its Known Exploited Vulnerabilities Catalog on Thursday. As required by the binding operational directive (BOD 22-01) issued in November 2021, U.S. federal agencies must now secure vulnerable Palo Alto Networks Expedition servers on their networks against attacks within three weeks, by November 28.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” the cybersecurity agency warned.