Critical Zero-Day Firewall Bug Patched in Palo Alto

Palo Alto Networks (PAN) recently issued a warning to its customers regarding a critical vulnerability in its Expedition firewall interface that is being actively exploited by cybercriminals. This vulnerability marks the fourth security flaw in the tool to come under attack within a span of just one week.

The Expedition firewall management system is a utility used by PAN to help transition new customers from their previous systems to PAN-OS. The latest bug, identified as a critical unauthenticated remote command injection vulnerability (CVE-2024-0012, CVSS 9.3), was highlighted in a security bulletin issued by the company. The flaw, which results from a lack of proper authentication checks, poses a serious risk to users.

In response to the threat, PAN has released patches to address the vulnerability. The company has urged customers to update their systems immediately to safeguard against potential exploitation. The security bulletin specifically warns against unauthorized access to firewall management interfaces exposed to the Internet.

The Cybersecurity and Infrastructure Security Agency (CISA) also added this vulnerability to its Known Exploited Vulnerabilities Catalog on November 18, underscoring the severity of the situation. PAN has been actively monitoring the exploit and reaching out to customers who may be at heightened risk due to the vulnerability.

Prior to this latest issue, two separate critical vulnerabilities in the Expedition firewall system were disclosed and added to the KEV list by CISA. These vulnerabilities, an OS command injection flaw (CVE-2024-9463) and an SQL injection flaw (CVE-2024-9465), presented significant risks to users and were swiftly addressed by PAN.

Despite these efforts, cybersecurity experts emphasize the importance of promptly addressing any vulnerabilities in firewall systems. Ray Kelly, a cybersecurity expert, warned that vulnerabilities like OS commanding and SQL injection can have serious consequences if left unchecked.

PAN has reassured customers that its Prisma Access and Cloud NGFW products are not affected by the current vulnerability. Additionally, the company announced last summer that the Expedition system is being phased out and will no longer be supported after January 2025.

With the ongoing threat of cyberattacks targeting vulnerable systems, PAN and other cybersecurity firms are working diligently to ensure the security of their customers. By promptly applying patches and following best practices for system security, users can help mitigate the risks associated with these exploitable vulnerabilities.
