CISA Warns of Two More Palo Alto Expedition Flaws Exploited in Attacks
securityweek
The cybersecurity agency CISA on Thursday warned about two additional Palo Alto Networks Expedition vulnerabilities exploited in attacks.
On November 7, CISA informed organizations that it had become aware that CVE-2024-5910, a Palo Alto Networks Expedition vulnerability patched in July, has been exploited in attacks.
CVE-2024-5910 is a critical missing authentication issue that allows an attacker with network access to Expedition to take over administrator accounts. The flaw puts credentials and configuration secrets at risk.
Expedition is a tool designed to make it easier for users to migrate a configuration from a third-party vendor such as Check Point or Cisco to a Palo Alto Networks product.
On November 14, CISA warned about the exploitation of two additional Expedition vulnerabilities. The flaws, tracked as CVE-2024-9463 and CVE-2024-9465, are critical flaws that were patched by the vendor in early October.
Palo Alto Networks updated its initial advisory on Thursday to say that ...
Copyright of this story solely belongs to securityweek . To see the full text click HERE