Two critical vulnerabilities in Palo Alto Networks' Expedition migration tool are under active exploitation.
In a recent development, two vulnerabilities in Palo Alto Networks' Expedition tool, identified as CVE-2024-9463 and CVE-2024-9465, are being actively exploited. These vulnerabilities, which allow unauthenticated remote attacks, have been added to the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog, indicating that exploitation is not only possible but observed in the wild.
CVE-2024-9463, an OS command injection vulnerability, has a CVSS score of 9.9, while CVE-2024-9465, an SQL injection vulnerability, has a CVSS score of 9.2. These high scores reflect the severity of these vulnerabilities, making them a significant concern for cybersecurity professionals.
Palo Alto Networks had already released patches and an advisory addressing these vulnerabilities in October 2024, before exploitation was reported. The company strongly urges customers to apply these patches to mitigate the risk of exploitation. The addition of these CVEs to the KEV catalog by CISA further underscores the urgency of patching: a KEV listing signals that the US government is tracking active abuse of these flaws, and it obliges federal civilian agencies to remediate them by a set deadline.
For customers who are unable to update the software immediately, Palo Alto Networks advises restricting network access to Expedition to authorised users, hosts and networks, and shutting the tool down when it is not actively in use. These are stop-gap measures only; the patches should be applied as soon as possible to ensure full protection.
Palo Alto Networks has fixed the vulnerabilities in Expedition version 1.2.96 and later. The company did not disclose when it became aware of the exploitation or how many customers are currently impacted.
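A practical first step for an affected organisation is to inventory every Expedition host and compare its version against 1.2.96, the first fixed release named above. The script below is an added example, not Palo Alto Networks code; the fixed version comes from the vendor advisory, while the host inventory is constructed sample data. It also shows why a naive string comparison is the wrong tool for this job: as strings, "1.2.100" sorts before "1.2.96", so a later release could be misreported as vulnerable (or, with the comparison reversed, an older one as patched).

```python
# Added example (not Palo Alto Networks code): decide whether an Expedition
# host still needs the fix for CVE-2024-9463 / CVE-2024-9465.
# The fixed version, 1.2.96, comes from the vendor advisory; the inventory
# below is constructed sample data, not real hosts.
from __future__ import annotations

FIXED_VERSION = "1.2.96"


def parse_version(version: str) -> tuple[int, ...]:
    """Turn a dotted version string into a tuple of ints for correct ordering.

    Plain string comparison gets this wrong: "1.2.100" < "1.2.96" as strings
    even though 1.2.100 is the newer release. Comparing int tuples fixes that.
    Non-numeric components raise ValueError rather than silently comparing.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in parts)


def needs_patch(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` is older than the first fixed release."""
    return parse_version(version) < parse_version(fixed)


# Constructed inventory: (hostname, reported Expedition version).
SAMPLE_INVENTORY = [
    ("expedition-01.corp.example", "1.2.95"),
    ("expedition-02.corp.example", "1.2.96"),
    ("expedition-lab.corp.example", "1.2.100"),
    ("expedition-old.corp.example", "1.1.51"),
    ("expedition-bad.corp.example", "unknown"),
]


def audit(inventory: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Split hosts into vulnerable (< 1.2.96), patched (>= 1.2.96) and unknown.

    Versions that cannot be parsed are listed separately so a bad inventory
    record never gets counted as patched by accident.
    """
    report: dict[str, list[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in inventory:
        try:
            bucket = "vulnerable" if needs_patch(version) else "patched"
        except ValueError:
            bucket = "unknown"
        report[bucket].append(host)
    return report


if __name__ == "__main__":
    for bucket, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Feed `audit()` the real version strings gathered from your hosts; anything landing in the "unknown" bucket should be checked by hand rather than assumed safe.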
In a statement, Steven Thai, senior manager of global crisis communications and reputation management at Palo Alto Networks, emphasised the company's commitment to the safety and security of its customers and partners. Thai also acknowledged the report published by CISA regarding the active exploitation of CVE-2024-9463 and CVE-2024-9465.
It is worth noting that this exploitation is occurring during a period of heightened competition, with Palo Alto Networks attempting to attract customers away from competitors through an initiative that includes deferred billing and other incentives.
Palo Alto Networks plans to end support for Expedition in January 2025 and move the migration tool's functionality into new products. The company updated its security advisory for these CVEs following CISA's alert about active exploitation.
In conclusion, the active exploitation of CVE-2024-9463 and CVE-2024-9465 poses a significant threat to the security of Palo Alto Networks' customers. It is crucial for affected organisations to apply the available patches or temporary measures to protect their systems. The urgency of this matter is underscored by the addition of these vulnerabilities to CISA's KEV catalog.
Expedition is a migration utility, not a production firewall, and should never be reachable from the internet; network access to it should be limited to the administrators and hosts that actually need it, and instances that cannot be patched should be taken offline until they can. The high CVSS scores of these vulnerabilities underscore the necessity for security technology providers to fix identified vulnerabilities swiftly and notify users of potential threats.