CISA warns of multiple Palo Alto Networks vulnerabilities

Two more critical security vulnerabilities were reportedly discovered in Palo Alto Networks’ Expedition migration tool, according to CISA.

The U.S. cybersecurity agency CISA is warning of two critical security vulnerabilities in Palo Alto Networks’ Expedition migration tool that are being actively exploited. These vulnerabilities allow attackers to compromise unpatched systems running Expedition. Palo Alto Networks is now sending out security updates to address these issues.

Two vulnerabilities

CISA warns of two new vulnerabilities in Palo Alto Networks’ Expedition migration tool. The first vulnerability, CVE-2024-9463, allows attackers to execute arbitrary OS commands as root. This exposes sensitive information, including usernames, passwords, device configurations and device API keys. The second vulnerability, CVE-2024-9465, allows attackers to access the contents of the Expedition database. In addition, they can create or read arbitrary files on vulnerable systems.

“Multiple vulnerabilities in Palo Alto Networks Expedition allow an attacker to read the contents of the Expedition database and arbitrary files, and write arbitrary files to temporary storage locations on the Expedition system. Combined, these include information such as usernames, plain text passwords, device configurations and device API keys from PAN-OS firewalls.”

Palo Alto Networks is now sending out several security updates that address these issues in Expedition 1.2.96 and above. Administrators who cannot immediately update the software are urged to restrict network access to Expedition to authorized users.