CISA Issues Warning on Active Exploitation of Palo Alto Networks Expedition Software Vulnerabilities

ICARO Media Group
15/11/2024 20h11

**CISA Alerts on Active Exploitation of Two Flaws in Palo Alto Networks Software**

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of two newly identified vulnerabilities in the Palo Alto Networks Expedition software. These vulnerabilities have now been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. All Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary updates by December 5, 2024 to mitigate potential threats.

The vulnerabilities, identified as CVE-2024-9463 and CVE-2024-9465, have received high Common Vulnerability Scoring System (CVSS) scores of 9.9 and 9.3 respectively. The first, an OS Command Injection vulnerability, allows an unauthenticated attacker to execute arbitrary OS commands as a root user within the Expedition migration tool. The second, an SQL Injection vulnerability, permits unauthorized access to the database contents.

Successful exploitation of these vulnerabilities could result in the disclosure of sensitive information such as usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. Additionally, attackers could create and read arbitrary files on the compromised systems, posing a significant security threat.

Palo Alto Networks addressed these vulnerabilities in a security update released on October 9, 2024. Following reports from CISA, the company acknowledged that there is evidence indicating active exploitation of both vulnerabilities, though the specifics of these attacks, including methods and responsible parties, remain unclear.

This warning from CISA closely follows an earlier notification about the exploitation of another critical flaw, CVE-2024-5910, which also affects the Expedition software and carries a CVSS score of 9.3.

Moreover, Palo Alto Networks has recently confirmed that a previously undetected remote command execution vulnerability is being weaponized against a limited number of firewall management interfaces exposed to the internet. This vulnerability, which has yet to receive a CVE identifier, also has a CVSS score of 9.3. The company is actively working to release fixes and threat prevention signatures as swiftly as possible to counteract this malicious activity.

CISA’s inclusion of these vulnerabilities in its KEV catalog emphasizes the critical need for organizations using Palo Alto Networks Expedition software to implement security updates promptly and protect their networks against these evolving threats.

The views expressed in this article do not reflect the opinion of ICARO, or any of its affiliates.