November 8, 2024 at 12:51AM
The U.S. CISA added a critical vulnerability in Palo Alto Networks Expedition (CVE-2024-5910) to its KEV catalog; the flaw allows admin account takeover. Affected versions are those before 1.2.92. Two other flaws were also added, including a severe one in CyberPanel linked to PSAUX ransomware. Federal agencies are urged to remediate all three by November 28, 2024.
### Meeting Takeaways – Nov 08, 2024
**Key Highlights:**
1. **Security Flaw in Palo Alto Networks Expedition**:
   - A critical vulnerability (CVE-2024-5910) was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.
   - CVSS score: 9.3; allows potential admin account takeover due to missing authentication in the Expedition migration tool.
   - Affects all versions prior to 1.2.92 (released July 2024).
   - Active exploitation has been confirmed by CISA and Palo Alto Networks.
2. **Additional Vulnerabilities Added**:
   - **CVE-2024-43093**: A privilege escalation vulnerability in the Android Framework, reported to have undergone “limited, targeted exploitation.”
   - **CVE-2024-51567**: A critical flaw in CyberPanel (CVSS score: 10.0) that allows remote command execution as root; resolved in version 2.3.8.
   - Major exploitation noted with PSAUX ransomware targeting over 22,000 CyberPanel instances.
3. **Recommended Actions**:
   - Federal Civilian Executive Branch (FCEB) agencies are advised to remediate these vulnerabilities by November 28, 2024, to strengthen network security against active threats.