We are reaching out to inform you about a new set of Palo Alto Networks vulnerabilities found in the PAN-OS Firewall Expedition software. These vulnerabilities are actively being used by attackers to take control of networks and steal sensitive information.
Key Vulnerabilities and Threat Details
The most serious of these vulnerabilities is known as CVE-2024-9463. This flaw allows attackers to access Expedition's database without needing to log in, thanks to a command injection issue. Once inside, attackers can combine this with another vulnerability, CVE-2024-9466, which lets them view sensitive information such as usernames, passwords, and API keys in plain text. This makes it easier for attackers to gain full access to a network. These Palo Alto Networks vulnerabilities are critical and pose a significant risk if left unpatched.
Proof-of-Concept Attack and Patch Availability
Palo Alto Networks has confirmed that hackers have developed proof-of-concept tools to exploit these vulnerabilities, which increases the risk of attacks. To protect your systems, it is critical to install the latest patch that Palo Alto Networks has released. We strongly recommend that all organizations update their software immediately to prevent any potential security breaches.
Key Details:
Vulnerability IDs:
- CVE-2024-9463 (CVSS score: 9.9) – Command Injection
- CVE-2024-9464 (CVSS score: 9.3) – Command Injection
- CVE-2024-9465 (CVSS score: 9.2) – SQL Injection
- CVE-2024-9466 (CVSS score: 8.2) – Cleartext Storage of sensitive data
- CVE-2024-9467 (CVSS score: 7.0) – Cross-site Scripting (XSS)
Severity: Critical
Affected Devices: Palo Alto PAN-OS Firewalls
Immediate Actions to Take:
- Update your software: Ensure your Expedition version is 1.2.96 or higher to patch these vulnerabilities.
- Temporary workarounds: If you cannot update right away, restrict access to Expedition to only authorized users, or shut it down until the update is complete.
Protect Your Network Now
As always, your security is our top priority. Please take these steps to protect your network from the Palo Alto Networks vulnerabilities.
Is your business truly safe from cyber threats? If you're unsure, now is the time to act. Our must-read guide, You're the #1 Target is essential for business owners who want to understand the real risks of cyberattacks and how to protect their company. Don't let your business be exposed, we'll send you a free copy straight to your door! For a limited time, we’re also offering a free cybersecurity consultation. Whether you already work with a Managed IT service provider or are concerned about your company's security, we’ll help you evaluate your current defenses and pinpoint any vulnerabilities. Don’t wait until it’s too late, take action today to safeguard everything you've built!
Are you Relocating Your Business and need some expert advice? Relocating Your Business can be a daunting task, but with the right guidance, it can be a seamless process that helps your company grow in new ways. Clint Brinkley is here to show you exactly how to make the transition smooth and successful. With years of experience in business relocation strategies, Clint will guide you through every step—from scouting the perfect location to managing logistics and minimizing downtime. Whether you’re moving across town or across the country, Clint’s expert advice will ensure your business hits the ground running in its new home.
Servicing All of Houston: The Woodlands, Conroe, Bellaire, Katy, River Oaks, The Heights, Rice Village, Midtown, Medical Center, Kingwood, Clear Lake City, Webster, League City, Pearland, Tomball, Galveston
Servicing All of Dallas-Fort Worth: Prosper, Southlake, Grapevine, Keller, Carrollton, Plano, Garland, Coppell, Irving, Mesquite, Denton, Frisco, Cedar Hill, Flower Mound, Hutchins, McKinney
You must be logged in to post a comment.