A critical Palo Alto Networks bug is being hit by cyberattacks, so patch now

2 weeks ago

A personification astatine a laptop pinch a cybersecure fastener awesome floating supra it.

(Image credit: Shutterstock / laymanzoom)

A bug Palo Alto addressed past summertime is being abused successful nan wild
CISA added it to its KEV catalog, giving national agencies a deadline to patch
The bug tin beryllium abused to return complete accounts and bargain data

A captious bug recovered successful Palo Alto Networks’ Expedition programme is being abused successful nan wild, nan US authorities has warned.

The US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-5910 to its Known Exploited Vulnerabilities (KEV) catalog, which intends location is grounds of maltreatment successful nan wild.

This vulnerability, discovered successful Expedition successful nan summertime of 2023, is described arsenic a “missing authentication for a captious function” bug, which tin lead to Expedition admin relationship takeover for crooks pinch web access. Since Expedition is simply a instrumentality that helps pinch configuration migration, tuning, and enrichment, it whitethorn incorporate secrets, credentials, and different data, which would past beryllium astatine consequence of theft.

Proof of concept

Users are advised to use a spot immediately, since nan vulnerability allows threat actors to return complete admin accounts, bargain delicate data, and more.

When CISA adds a vulnerability to KEV, it gives national agencies a deadline to spot it, aliases extremity utilizing nan afflicted applications completely. The owed day for Palo Alto Networks Expedition is November 28, 2024.

CISA did not stock immoderate further specifications astir nan attacks, but BleepingComputer dug up a study from Horizon3.ai, who released a proof-of-concept utilization successful October 2024. By chaining nan bug pinch CVE-2024-9464, crooks could summation unauthenticated arbitrary bid execution capabilities connected susceptible Expedition servers.

This further vulnerability was besides discovered, and patched, past month. Palo Alto Networks said it could person been utilized to return complete admin accounts successful firewalls, and return complete PAN-OS instances.

Sign up to nan TechRadar Pro newsletter to get each nan apical news, opinion, features and guidance your business needs to succeed!

For those incapable to instal nan spot immediately, a workaround is available, which includes restricting Expedition web entree to authorized users, hosts, and networks, only.

"All Expedition usernames, passwords, and API keys should beryllium rotated aft upgrading to nan fixed type of Expedition. All firewall usernames, passwords, and API keys processed by Expedition should beryllium rotated aft updating," Palo Alto Networks concluded.

Via BleepingComputer

You mightiness besides like

Major Palo Alto information flaw is being exploited via Python zero-day backdoor
Here's a database of nan best firewalls today
These are nan best endpoint protection tools correct now

Sead is simply a seasoned freelance journalist based successful Sarajevo, Bosnia and Herzegovina. He writes astir IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, information breaches, laws and regulations). In his career, spanning much than a decade, he’s written for galore media outlets, including Al Jazeera Balkans. He’s besides held respective modules connected contented penning for Represent Communications.

Source Technology