CISA Warns of Active Attacks on Critical Palo Alto Exploit

CISA Adds Critical Palo Alto Flaw to Vulnerability Catalog After Attack Discovery
CISA Warns of Active Attacks on Critical Palo Alto Exploit
Palo Alto Network's Expedition tool is still being actively exploited, the U.S. cyber defense agency warned Thursday. (Image: Shutterstock)

A critical vulnerability initially patched by the security giant Palo Alto Networks in July has been exploited in multiple attacks since it was first discovered earlier this year, according to the United States' cyber defense agency.

See Also: How to Take the Complexity Out of Cybersecurity

The Cybersecurity and Infrastructure Security Agency alerted Palo Alto Networks about the active exploitation of a security flaw within its Expedition tool, according to an advisory the company issued Thursday. Expedition aims to streamline the configuration migration process from vendors such as Cisco or Checkpoint over to Palo Alto Networks products, making the transition smoother for customers by automating key steps and reducing manual workloads.

But a "missing authentication for a critical function" in Expedition can trigger an administrative account takeover for threat actors, according to the advisory. The company warned that configuration secrets, credentials "and other data imported into Expedition" is at risk due to the critical flaw.

Palo Alto Networks reported that the vulnerability, CVE-2024-5910, has a critical CVSS score of 9.3 and requires urgent attention due to its low attack complexity. The advisory recommends ensuring network access to Expedition is exclusively restricted to authorized users, hosts and networks.

It’s unclear if CISA uncovered the active exploitation of the security flaw through its own investigation or with input from a third party. The agency did not respond to a request for comment.

The advisory comes after threat intelligence firm Volexity discovered a zero-day exploit in April impacting firewall appliances made by Palo Alto Networks. The previous vulnerability carried a maximum CVSS score of 10 and was likely exploited by nation-state hackers, threat intelligence researchers warned (see: Likely State Hackers Exploiting Palo Alto Firewall Zero-Day).

CISA added the critical flaw to its known exploited vulnerabilities catalog Thursday along with three other exploits. The advisory warned that these types of vulnerabilities "are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise."


About the Author

Chris Riotta

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.