Critical Security Flaws Expose Sensitive Data in Major Firewall Management Tools

Critical Security Patches Released for Multiple Network Security Products

Palo Alto Networks Addresses Expedition Migration Tool Vulnerabilities
Palo Alto Networks has issued critical security updates for its Expedition migration tool, addressing multiple vulnerabilities. The most severe flaw (CVE-2025-0103) carries a CVSS score of 7.8 and could allow authenticated attackers to access sensitive data including usernames, passwords, and device configurations.

Key Vulnerabilities:
– SQL injection vulnerability (CVE-2025-0103)
– Cross-site scripting vulnerability (CVE-2025-0104)
– File deletion vulnerability (CVE-2025-0105)
– File system enumeration flaw (CVE-2025-0106)
– OS command injection vulnerability (CVE-2025-0107)

Patches are available in versions 1.2.100 and 1.2.101. With Expedition reaching end-of-life by December 31, 2024, users are advised to restrict network access to the tool, or to shut it down if it is not in use.

SonicWall Security Updates
SonicWall has released patches for SonicOS vulnerabilities:
– Authentication bypass flaw (CVE-2024-53704, CVSS: 8.2)
– Privilege escalation vulnerability in Gen7 SonicOS Cloud platform (CVE-2024-53706, CVSS: 7.8)

Aviatrix Controller Vulnerability
A critical vulnerability (CVE-2024-50603, CVSS: 10.0) affecting Aviatrix Controller versions 7.x through 7.2.4820 has been identified. The flaw allows unauthenticated remote code execution. Updates are available in versions 7.1.4191 or 7.2.4996.

Users of affected systems are strongly encouraged to apply these security updates immediately to protect against potential exploits.
