КућаСецурити АрцхитецтуреU.S. Agency CISA Warns About Palo Alto Networks Vulnerability Endangering Federal Systems

U.S. Agency CISA Warns About Palo Alto Networks Vulnerability Endangering Federal Systems

Објављено на

spot_img

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert concerning a critical vulnerability in the widely used tool, Palo Alto Networks’ Expedition. This tool assists organizations in migrating firewall configurations from vendors like Checkpoint and Cisco to Palo Alto’s PAN-OS system. The flaw, known as CVE-2024-5910, impacts Expedition versions that have been patched as of July. However, unpatched versions are still susceptible to exploitation by cyber attackers.

This vulnerability allows attackers to remotely reset administrative credentials on servers where Expedition is accessible via the internet. Exploiting this missing authentication check enables unauthorized access to the Expedition tool, potentially granting control over configuration data, sensitive credentials, and other stored information.

Recently, Horizon3.ai researcher Zach Hanley demonstrated how this vulnerability could be combined with another flaw, CVE-2024-9464, a command injection vulnerability patched last month. By chaining these flaws, attackers could execute arbitrary commands on vulnerable Expedition servers without authentication, giving them the ability to manipulate firewall settings and compromise networks.

In response to these threats, CISA has included this vulnerability in its Known Exploited Vulnerabilities Catalog. U.S. federal agencies are required to secure their vulnerable Expedition servers against potential attacks by November 28, following a directive issued in November 2021 (BOD 22-01). This directive underscores the urgency of addressing such vulnerabilities, as they often serve as entry points for malicious cyber activities targeting critical systems.

Palo Alto Networks has also released advisories, recommending users to rotate usernames, passwords, and API keys associated with the Expedition tool and PAN-OS firewalls after any updates. For users who are unable to immediately apply security patches, CISA advises restricting network access to Expedition servers to mitigate risks.

The alert from CISA emphasizes the ongoing threats posed by missing or inadequate authentication mechanisms in widely used cybersecurity tools. Organizations are urged to act quickly to secure their networks against potential exploitation of this vulnerability.

As the cybersecurity landscape continues to evolve, it is crucial for organizations to stay vigilant and prioritize the security of their systems and data. By taking proactive measures to address known vulnerabilities and following best practices in cybersecurity, organizations can better protect themselves against cyber threats and safeguard their critical assets.

Follow The420.in on Telegram, Facebook, Twitter, LinkedIn, Instagram, and YouTube for the latest updates and news on cybersecurity and cybercrime.

Извор линк

Најновији чланци

Canadians Projected to Be Defrauded of Over $569M in 2024

In 2024, Canadian banks have experienced a significant decrease in reported fraud cases compared...

US Department of Defense Finalizes Cyber Rules for Suppliers

The Department of Defense (DoD) has faced pressure to adopt a more flexible approach...

CRON#TRAP Campaign Targets Windows Machine using Weaponized Linux Virtual Machine

A recent cybersecurity campaign has caught the attention of Securonix researchers, who discovered a...

New Malware Campaign Targets Windows Users via Gaming Apps

Cybersecurity experts have recently discovered a new strain of malware, Winos4.0, that is being...

Више овако

Canadians Projected to Be Defrauded of Over $569M in 2024

In 2024, Canadian banks have experienced a significant decrease in reported fraud cases compared...

US Department of Defense Finalizes Cyber Rules for Suppliers

The Department of Defense (DoD) has faced pressure to adopt a more flexible approach...

CRON#TRAP Campaign Targets Windows Machine using Weaponized Linux Virtual Machine

A recent cybersecurity campaign has caught the attention of Securonix researchers, who discovered a...
sr_RSSerbian