InfoSecBulletin Cybersecurity for mankind
Palo Alto Networks has issued a critical security advisory outlining numerous vulnerabilities across its product lines, such as PAN-OS, Cortex XDR, and Expedition. These weaknesses vary in severity and potential impact, but collectively present a significant risk to organizations that depend on Palo Alto’s solutions.
CVE-2024-5910: Missing Authentication in Expedition (CVSS 9.3):
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records
CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE
Apple Releases Patch for two Actively Exploited Zero-Day
Maxar Space Data Leak, Company admit, Investigation ongoing!
GitHub CLI Vulnerability Could Allow RCE
“Sarcoma” ransomware group
Hacker to disclose “Popular Life Insurance” 36 GB of stolen data
BugHunt 2024: A Milestone Cyber security Competition held at Dhaka
TP-Link DHCP Vulnerability Allow Attackers Takeover Routers Remotely
WSJ reports
T-Mobile hacked in massive breach of telecom networks
Palo Alto Networks Confirms critical RCE zero-day actively exploited
The vulnerability CVE-2024-5910 affects the Expedition configuration management tool, allowing network access to be exploited by an attacker to take over admin accounts, potentially exposing sensitive data and credentials. It is important for all Expedition users to update to version 1.2.92 or later as soon as possible, as recommended by Palo Alto Networks.
PAN-OS Vulnerabilities:
PAN-OS, the operating system used by Palo Alto firewalls, has several vulnerabilities. These include an arbitrary file upload flaw (CVE-2024-5911), which could disrupt Panorama systems and cause service outages. Another vulnerability (CVE-2024-5913) allows privilege escalation if an attacker can manipulate the physical file system. Additionally, there is a man-in-the-middle vulnerability (CVE-2024-3596) that enables attackers to bypass authentication and obtain superuser privileges when using RADIUS authentication with CHAP or PAP.
Cortex XDR Agent Flaw:
The Cortex XDR agent, which protects endpoints, is affected by CVE-2024-5912. This flaw can allow attackers to bypass security measures and run untrusted software on compromised devices.
Mitigation and Remediation:
Palo Alto Networks advises all affected users to install the patches and updates as soon as possible. The security advisory also outlines specific workarounds and measures, such as restricting network access to Expedition and following best practices for securing administrative access to PAN-OS.
