InfoSecBulletin Cybersecurity for mankind
Palo Alto Networks released a security advisory (PAN-SA-2024-0010) about several high-severity vulnerabilities in its Expedition migration tool, with CVSS scores between 7.0 and 9.9. Exploiting these flaws could allow attackers to take over firewall admin accounts and access sensitive information like usernames, cleartext passwords, and API keys for PAN-OS firewalls.
The vulnerabilities found in Expedition are serious, particularly for organizations using Palo Alto Networks firewalls. They include OS command injection, SQL injection, and storing sensitive information in cleartext, allowing attackers to gain root access and steal confidential data.
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Action
Adobe Releases Patch Fixing 254 Vulnerabilities With High-Severity Security Gaps
Alert
40,000 + live internet cameras exposed globally !
Microsoft patch Tuesday fix exploited zero-day and 65 vuls patched
84,000+ Roundcube instances vulnerable to actively exploited flaw
CVE-2024-9463 (CVSS 9.9): A vulnerability that allows an attacker to run commands on the operating system as an admin, exposing sensitive information like usernames and passwords.
CVE-2024-9464 (CVSS 9.3): A related OS command injection vulnerability that requires authentication and lets attackers run commands as root.
CVE-2024-9465 (CVSS 9.2): An SQL injection flaw that lets attackers access Expedition’s database, exposing passwords and usernames.
CVE-2024-9466 (CVSS 8.2): A vulnerability that allows storing firewall usernames and passwords in an unprotected format, creating a serious risk if not addressed.
CVE-2024-9467 (CVSS 7.0): A reflected XSS vulnerability that lets attackers run harmful JavaScript through phishing attacks.
Palo Alto Networks has released version 1.2.96 of Expedition to fix vulnerabilities. Users are advised to change all usernames, passwords, and API keys after updating. It’s also recommended to restrict network access to authorized users to reduce exposure risk.
The company acknowledged researchers from Horizon3.ai and Palo Alto Networks who reported these vulnerabilities. Despite the severity of these issues, Palo Alto Networks states that they are “not aware of any malicious exploitation of these issues.”
Organizations utilizing Palo Alto Networks Expedition must promptly upgrade to version 1.2.96 or a later release and thoroughly rotate all pertinent credentials. Neglecting this crucial step may expose critical systems to unauthorized access. Additionally, administrators aiming to identify potential compromises related to CVE-2024-9465 can refer to the advisory for the following indicator of compromise (IoC) command:
mysql -uroot -p -D pandb -e “SELECT * FROM cronjobs;”
If this command returns records, it may indicate a compromise of the system. However, Palo Alto Networks advises that this does not guarantee that a system is free from compromise if no records are returned.
