CISA Warns of Active Attacks on Critical Palo Alto Exploit
CISA Adds Critical Palo Alto Flaw to Vulnerability Catalog After Attack DiscoveryA critical vulnerability initially patched by the security giant Palo Alto Networks in July has been exploited in multiple attacks since it was first discovered earlier this year, according to the United States' cyber defense agency.
See Also: How Active Directory Security Drives Operational Resilience
The Cybersecurity and Infrastructure Security Agency alerted Palo Alto Networks about the active exploitation of a security flaw within its Expedition tool, according to an advisory the company issued Thursday. Expedition aims to streamline the configuration migration process from vendors such as Cisco or Checkpoint over to Palo Alto Networks products, making the transition smoother for customers by automating key steps and reducing manual workloads.
But a "missing authentication for a critical function" in Expedition can trigger an administrative account takeover for threat actors, according to the advisory. The company warned that configuration secrets, credentials "and other data imported into Expedition" is at risk due to the critical flaw.
Palo Alto Networks reported that the vulnerability, CVE-2024-5910, has a critical CVSS score of 9.3 and requires urgent attention due to its low attack complexity. The advisory recommends ensuring network access to Expedition is exclusively restricted to authorized users, hosts and networks.
It’s unclear if CISA uncovered the active exploitation of the security flaw through its own investigation or with input from a third party. The agency did not respond to a request for comment.
The advisory comes after threat intelligence firm Volexity discovered a zero-day exploit in April impacting firewall appliances made by Palo Alto Networks. The previous vulnerability carried a maximum CVSS score of 10 and was likely exploited by nation-state hackers, threat intelligence researchers warned (see: Likely State Hackers Exploiting Palo Alto Firewall Zero-Day).
CISA added the critical flaw to its known exploited vulnerabilities catalog Thursday along with three other exploits. The advisory warned that these types of vulnerabilities "are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise."