CISA warns of several Palo Alto Networks vulnerabilities

  • November 15, 2024

According to CISA, two additional critical vulnerabilities have been discovered in Palo Alto Networks’ Expedition migration tool.

The US cybersecurity agency (CISA) warns of two critical vulnerabilities in Palo Alto Networks’ Expedition migration tool that are currently being actively exploited. These vulnerabilities allow attackers to compromise unpatched systems running the company’s Expedition migration tool. Palo Alto Networks is now releasing security updates to address these issues.

Two vulnerabilities

CISA warns of two new vulnerabilities in Palo Alto Networks’ Expedition migration tool. The first vulnerability, CVE-2024-9463, allows attackers to execute arbitrary operating system commands as root, which exposes sensitive information including usernames, passwords, device configurations and device API keys. The second vulnerability, CVE-2024-9465, allows attackers to access the contents of the Expedition database. They can also create or read arbitrary files on vulnerable systems.

“Several vulnerabilities in Palo Alto Networks Expedition could allow an attacker to read the contents of the Expedition database and arbitrary files, and write arbitrary files to temporary storage locations in the Expedition system. Collectively, this includes information such as usernames, plain text passwords, device configurations and device API keys from PAN-OS firewalls.”

Palo Alto Networks is now shipping several security updates to address these issues in Expedition 1.2.96 and later. Administrators who are unable to update the software immediately are urged to restrict network access to Expedition to authorized users.

Source: IT Daily
