November 15, 2024 at 12:33AM
CISA has warned of two actively exploited vulnerabilities in Palo Alto Networks Expedition, added to its KEV catalog. Agencies must update by December 5, 2024. CVE-2024-9463 and CVE-2024-9465 could allow attackers to execute commands and access sensitive data. Palo Alto confirmed limited exploitation of these flaws.
### Meeting Takeaways – November 15, 2024
1. **CISA Warning on Vulnerabilities**:
– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned about active exploitation of two vulnerabilities in Palo Alto Networks Expedition.
– These vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.
2. **Vulnerabilities Identified**:
– **CVE-2024-9463**: OS Command Injection Vulnerability (CVSS score: 9.9)
– **CVE-2024-9465**: SQL Injection Vulnerability (CVSS score: 9.3)
– Exploitation may allow attackers to run arbitrary commands and access sensitive data.
3. **Impact of Exploitation**:
– Potential exposure of usernames, passwords, device configurations, and API keys.
– Risk of unauthorized file creation and access on compromised systems.
4. **Action Required**:
– Federal Civilian Executive Branch (FCEB) agencies must apply updates by **December 5, 2024**.
5. **Palo Alto Networks Updates**:
– Security updates were released on **October 9, 2024** to address these vulnerabilities.
– The company is aware of active exploitation and is investigating reported activity.
6. **Additional Flaw**:
– A separate vulnerability (not assigned a CVE identifier) related to unauthenticated remote command execution has been observed, particularly affecting exposed firewall management interfaces.
– Risk level assessed at CVSS score of 9.3, with urgency for customers to secure their interfaces.
7. **Future Actions by Palo Alto Networks**:
– The company is preparing to release fixes and threat prevention signatures soon.
### Conclusion:
Immediate attention is required for updating systems affected by the identified vulnerabilities to mitigate potential exploitation. Monitoring for security updates from Palo Alto Networks is advised.