Several serious Palo Alto firewall hijacking vulnerabilities resolved

Share This Post



Fixes have been issued by Palo Alto Networks to address five significant Expedition customer migration tool flaws, which could be leveraged to compromise PAN-OS firewall accounts, reports SecurityWeek.

Most serious of the resolved vulnerabilities was the critical OS command injection issue, tracked as CVE-2024-9463, which could be exploited to expose firewalls’ usernames, cleartext passwords, API keys, and configurations, according to Palo Alto Networks, which also noted similar data exposure from the abuse of another critical bug of the same nature, tracked as CVE-2024-9464. Palo Alto Networks also patched a critical SQL injection flaw, tracked as CVE-2024-9465, which could be used to compromise usernames and password hashes within Expedition databases, as well as the high-severity bugs, tracked as CVE-2024-9466 and CVE-2024-9467, which could be utilized to reveal sensitive firewall details and execute malicious JavaScript for phishing intrusions, respectively. Aside from ensuring updates to Expedition iterations 1.2.96 and later, organizations have been recommended to mitigate attack risk by rotating both Expedition and firewall credentials.



Source link

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

Blogs

Mickey Mouse operation hacked by former employee

A disgruntled former Disney worker stands accused of illegally hacking the company’s systems and harassing its workers. Michael Scheuer, a former system administrator with the

Do You Want To Boost Your Business?

drop us a line and keep in touch