CISA Adds Critical Palo Alto Flaw to Vulnerability Catalog After Attack Discovery
The Cybersecurity and Infrastructure Security Agency (CISA) has highlighted a critical vulnerability in the software of Palo Alto Networks, which has become a target for cyber attackers. Originally patched in July by Palo Alto, this vulnerability has reportedly been exploited multiple times since its discovery earlier this year.
This alert from CISA follows a notification to Palo Alto Networks about a flaw within its Expedition tool, as outlined in an advisory released by the company last Thursday. Expedition is designed to simplify the migration of configurations from other vendors' products, such as those from Cisco or Check Point, to Palo Alto Networks, easing the transition for customers by automating significant steps and reducing manual tasks.
However, an issue described as “missing authentication for a critical function” in the Expedition tool can potentially lead to an administrative account takeover by threat actors, according to the advisory. The vulnerability could expose configuration secrets, credentials, and other sensitive data that are imported into Expedition, thereby posing a severe risk.
The vulnerability, identified as CVE-2024-5910, carries a critical CVSS score of 9.3, a severity that calls for immediate mitigation. Palo Alto Networks recommends that network access to Expedition be strictly limited to authorized users, hosts, and networks to combat this threat.
It is unclear whether CISA discovered the active exploitation of this vulnerability through its investigations or collected the information from a third-party source, as the agency has not responded to requests for comment.
This alert was issued following the discovery by threat intelligence firm Volexity of a zero-day exploit in April, which affected firewall appliances from Palo Alto Networks. That particular vulnerability was rated with a maximum CVSS score of 10 and was likely exploited by nation-state hackers, as noted by threat intelligence researchers.
In response, CISA has now added this critical flaw to its known exploited vulnerabilities catalog, along with three other vulnerabilities. The agency warns that such vulnerabilities are frequent attack vectors for hostile cyber actors and pose significant risks to federal enterprises.
Cybersecurity professionals and IT departments using Palo Alto Networks products are strongly encouraged to review their systems’ security measures regarding Expedition tool access, implement the recommended restrictions, and stay informed about updates from Palo Alto Networks and CISA to mitigate potential risks effectively.