Palo Alto Networks Patches Critical Zero-Day Firewall Bug

November 18, 2024 at 12:24PM

Palo Alto Networks (PAN) issued a warning about a critical remote code execution vulnerability (CVE-2024-0012) in its Expedition firewall, marking the fourth exploit in a week. The company recommends patching systems and limiting management interface access. Over 8,700 vulnerable instances were reported. Expedition will be unsupported after January 2025.

### Meeting Takeaways: Palo Alto Networks Critical Vulnerabilities

1. **Critical Vulnerability Alert:**
– Palo Alto Networks (PAN) issued a warning regarding a critical unauthenticated remote code execution (RCE) vulnerability in its Expedition firewall interface (CVE-2024-0012, CVSS 9.3).
– This marks the fourth vulnerability under active exploitation within a week.

2. **Details on Expedition Tool:**
– Expedition is a firewall management tool that assists new customers in transitioning to PAN-OS.
– The identified vulnerabilities have exposed a limited number of firewall management interfaces to internet threats.

3. **Recent Vulnerabilities:**
– Two additional critical vulnerabilities were added to the CISA Known Exploited Vulnerabilities Catalog on Nov. 14:
  – OS command injection (CVE-2024-9463, CVSS 9.9).
  – SQL injection (CVE-2024-9465, CVSS 9.2).
– Another vulnerability (CVE-2024-5910) related to missing authentication was added previously.

4. **Recommended Actions for Customers:**
– Customers should patch their systems immediately.
– Access to the management interface should be restricted to trusted internal IPs and not exposed to the public Internet.

5. **Exposed Systems Statistics:**
– As of Nov. 14, over 8,700 PAN-OS management systems were vulnerable and connected to the Internet, down from 11,000 before the Nov. 8 bulletin.

6. **PAN’s Ongoing Commitment:**
– PAN emphasizes customer security as a top priority and is actively monitoring and supporting customers who may be at risk.

7. **Expert Commentary:**
– Cybersecurity experts highlight that OS command injection and SQL injection are among the most severe software vulnerabilities and can be easily detected.

8. **Future Outlook:**
– PAN announced that Expedition will be phased out and unsupported after January 2025.

### Summary
PAN is actively addressing critical vulnerabilities in its Expedition firewall management tool, urging customers to apply patches and keep management interfaces off the public internet. The company says it is committed to customer security amid increasing threat activity and emphasizes the importance of addressing these vulnerabilities promptly.