Grow Your Business and Join MarketWorld Marketplace and Create Your Own Store front

Thursday, December 26, 2024

Grow Your Business and Join MarketWorld Marketplace and Create Your Own Store front

HomeCyberSecurityPalo Alto Networks’ customer migration tool hit by trio of CVE exploits

Palo Alto Networks’ customer migration tool hit by trio of CVE exploits

Dive Brief:

  • Attackers are actively exploiting a pair of previously disclosed vulnerabilities in Palo Alto Networks Expedition, federal cyber authorities said Thursday. 
  • The Cybersecurity and Infrastructure Security Agency added CVE-2024-9463, an OS command injection vulnerability with a CVSS score of 9.9, and CVE-2024-9465, an SQL injection vulnerability with a CVSS score of 9.2, to its known exploited vulnerabilities catalog on Thursday. The alert comes one week after the agency confirmed another vulnerability in the same product, CVE-2024-5910, was under active exploitation
  • Palo Alto Networks disclosed and released a patch for the vulnerabilities along with three additional CVEs in the migration tool on Oct. 9.

Dive Insight:

The trio of actively exploited vulnerabilities in Palo Alto Networks’ tool for migrating customers over from other vendors are all critical and can expose customers’ firewall credentials.

Palo Alto Networks updated its security advisory for the CVEs following CISA’s alert about active exploitation on Thursday. The company did not say when it became aware of exploitation or how many customers are currently impacted.

“The safety and security of our customers and partners is our priority,” Steven Thai, senior manager of global crisis communications and reputation management at Palo Alto Networks, said in a Thursday email.

“We are aware of a report published by CISA regarding the active exploitation of CVE-2024-9463 and CVE-2024-9465,” Thai said. “If customers are not able to immediately update the software, we advise them to turn off the tool.”

The company said the vulnerabilities are fixed in Expedition 1.2.96 and all later versions.

Palo Alto Networks previously said it plans to stop supporting Expedition in January and move the functionalities of the migration tool into new products. Expedition allows customers to convert a configuration from Checkpoint, Cisco and other support vendors to a PAN-OS deployment.

The exploits are hitting Palo Alto Networks’ customer migration tool during a period of heightened competition. The world’s largest cybersecurity vendor is trying to lure customers away from competitors with an initiative it kicked off earlier this year offering customers deferred billings and other incentives.


Source link

Bookmark (0)
Please login to bookmark Close
RELATED ARTICLES
- Advertisment -spot_img

Most Popular

Sponsored Business

- Advertisment -spot_img