CISA Warns of Actors Exploiting Two Palo Alto Networks Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert and added two new vulnerabilities related to Palo Alto Networks to its Known Exploited Vulnerabilities Catalog.

These vulnerabilities, CVE-2024-9463 and CVE-2024-9465, are reportedly actively exploited by malicious cyber actors. CISA emphasizes that both vulnerabilities pose significant risks, particularly to federal systems.

CVE-2024-9463: Palo Alto Networks Expedition OS Command Injection Vulnerability

The first vulnerability, CVE-2024-9463, is an OS Command Injection flaw in Palo Alto Networks’ Expedition tool, which could allow attackers to execute arbitrary code on the affected system.

This type of vulnerability is particularly dangerous because it grants threat actors the ability to take control of a system and launch further attacks, escalating their access across the network.

Free Ultimate Continuous Security Monitoring Guide - Download Here (PDF)

CVE-2024-9465: Palo Alto Networks Expedition SQL Injection Vulnerability

The second vulnerability, CVE-2024-9465, is an SQL Injection vulnerability in the same Expedition ...