Key Points:
– CISA has identified two new critical vulnerabilities in Palo Alto Networks Expedition software:
  1. CVE-2024-9463 (CVSS: 9.9) – OS Command Injection
  2. CVE-2024-9465 (CVSS: 9.3) – SQL Injection
Security Impact:
– Unauthorized attackers can:
  – Execute root-level OS commands
  – Access database contents
  – Steal usernames, passwords, and API keys
  – Manipulate device configurations
  – Create/read files on vulnerable systems
Critical Actions:
– Federal agencies must apply patches by December 5, 2024
– Palo Alto Networks released security updates on October 9, 2024
– Organizations should immediately secure firewall management interfaces exposed to the internet
Additional Concerns:
– A third vulnerability (CVE-2024-5910, CVSS: 9.3) was reported last week
– Palo Alto Networks confirmed limited attacks targeting firewall management interfaces
– The company is developing additional security fixes and threat prevention signatures
This situation requires immediate attention from system administrators and security teams to implement necessary patches and security measures.