CISA warns of critical Palo Alto Networks bug exploited in attacks

Today, CISA warned that attackers are exploiting a critical missing authentication vulnerability in Palo Alto Networks Expedition, a migration tool that can help convert firewall configuration from Checkpoint, Cisco, and other vendors to PAN-OS.

This security flaw, tracked as CVE-2024-5910, was patched in July, and threat actors can remotely exploit it to reset application admin credentials on Internet-exposed Expedition servers.

“Palo Alto Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data,” CISA says.

While the cybersecurity agency has yet to provide more details on these attacks, Horizon3.ai vulnerability researcher Zach Hanley released a proof-of-concept exploit in October that can help chain this admin reset flaw with a CVE-2024-9464 command injection vulnerability (patched last month) to gain “unauthenticated” arbitrary command execution on vulnerable Expedition servers.

CVE-2024-9464 can also be chained with other security flaws (also addressed by Palo Alto Networks in October) to take over firewall admin accounts and hijack PAN-OS firewalls.

Admins who cannot immediately install security updates to block incoming attacks are advised to restrict Expedition network access to authorized users, hosts, or networks.

“All Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition. All firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating,” the company cautions.

Palo Alto Networks has yet to update its security advisory to warn customers of ongoing CVE-2024-5910 attacks.

CISA also added the vulnerability to its Known Exploited Vulnerabilities Catalog on Thursday. As required by the binding operational directive (BOD 22-01) issued in November 2021, U.S. federal agencies must now secure vulnerable Palo Alto Networks Expedition servers on their networks against attacks within three weeks, by November 28.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” the cybersecurity agency warned.
