CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), concerns a case of missing authentication in the Expedition migration tool that could lead to an admin account takeover.
"Palo Alto Expedition contains a missing authentication vulnerability that allows an attacker with network access to take over an Expedition admin account and potentially access configuration secrets, credentials, and other data," CISA said in an alert.
The shortcoming impacts all versions of Expedition prior to version 1.2.92, which was released in July 2024 to plug the problem.
There are currently no reports on how the vulnerability is being weaponized in real-world attacks, but Palo Alto Networks has since revised its original advisory to acknowledge that it's "aware of reports from CISA that there is evidence of active exploitation."
Also added to the KEV catalog are two other flaws, including a privilege escalation vulnerability in the Android Framework component (CVE-2024-43093) that Google disclosed this week as having come under "limited, targeted exploitation."
The other security defect is CVE-2024-51567 (CVSS score: 10.0), a critical flaw affecting CyberPanel that allows a remote, unauthenticated attacker to execute commands as root. The issue has been resolved in version 2.3.8.
In late October 2023, it emerged that the vulnerability was being exploited en masse by malicious actors to deploy PSAUX ransomware on more than 22,000 internet-exposed CyberPanel instances, according to LeakIX and a security researcher who goes by the online alias Gi7w0rm.
LeakIX also noted that three distinct ransomware groups have quickly capitalized on the vulnerability, with files encrypted multiple times in some cases.
Federal Civilian Executive Branch (FCEB) agencies are advised to remediate the identified vulnerabilities by November 28, 2024, to secure their networks against active threats.
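The practical follow-up to a KEV addition is matching the catalog entry against an asset inventory: which hosts run a version below the fixed release, and how many days remain until the due date. The script below is an added example (not code from CISA, Palo Alto Networks, or CyberPanel) that does this for the two entries on this page that come with a fixed version, 1.2.92 for Expedition and 2.3.8 for CyberPanel, with the November 28, 2024 due date. The inventory, hostnames, and the "today" date are constructed; the Android Framework entry is left out because the page gives no fixed version for it. Versions are compared as integer tuples so that 2.3.10 is correctly treated as newer than 2.3.8, a detail string comparison gets wrong.

```python
"""KEV-to-inventory check: flag assets still below the fixed version and the
days left to the FCEB due date. Added example; inventory is constructed."""
import re
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class KevEntry:
    cve: str
    product: str
    fixed_version: str  # first release that contains the fix
    due: date           # remediation due date from the CISA alert


# Entries taken from the article: fixed versions and due date as stated there.
KEV_ENTRIES = [
    KevEntry("CVE-2024-5910", "Palo Alto Networks Expedition", "1.2.92", date(2024, 11, 28)),
    KevEntry("CVE-2024-51567", "CyberPanel", "2.3.8", date(2024, 11, 28)),
]

# Constructed inventory; hostnames and versions are made up for the example.
INVENTORY = [
    {"host": "expedition-01.corp.example", "product": "Palo Alto Networks Expedition", "version": "1.2.91"},
    {"host": "expedition-02.corp.example", "product": "Palo Alto Networks Expedition", "version": "1.2.92"},
    {"host": "panel-03.corp.example", "product": "CyberPanel", "version": "2.3.7"},
    {"host": "panel-04.corp.example", "product": "CyberPanel", "version": "v2.3.10"},
    {"host": "ntp-01.corp.example", "product": "chrony", "version": "4.5"},
]

# Constructed "today" for the demo run (the day after the alert in the article).
SAMPLE_TODAY = date(2024, 11, 8)


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '1.2.92' / 'v2.3.10' / '2.3.8-rc1' into a comparable tuple of ints.

    Comparing integers avoids the classic string-compare bug where
    '2.3.10' sorts below '2.3.8'. A leading 'v' and a '-suffix' are ignored
    (assumption: pre-release suffixes do not matter for this check).
    """
    core = version.strip().lstrip("vV").split("-", 1)[0]
    parts = []
    for component in core.split("."):
        if not re.fullmatch(r"\d+", component):
            raise ValueError(f"unparseable version component {component!r} in {version!r}")
        parts.append(int(component))
    return tuple(parts)


def is_below_fix(installed: str, fixed: str) -> bool:
    """True when the installed version predates the fixed version."""
    return parse_version(installed) < parse_version(fixed)


def assess(inventory: list[dict], kev_entries: list[KevEntry], today: date) -> list[dict]:
    """Return one finding per (asset, KEV entry) pair that is still unpatched,
    most urgent (fewest days left) first."""
    findings = []
    for asset in inventory:
        for entry in kev_entries:
            if asset["product"] != entry.product:
                continue
            if is_below_fix(asset["version"], entry.fixed_version):
                findings.append({
                    "host": asset["host"],
                    "cve": entry.cve,
                    "installed": asset["version"],
                    "fixed_version": entry.fixed_version,
                    "days_left": (entry.due - today).days,
                })
    return sorted(findings, key=lambda f: (f["days_left"], f["host"]))


if __name__ == "__main__":
    for f in assess(INVENTORY, KEV_ENTRIES, SAMPLE_TODAY):
        status = "OVERDUE" if f["days_left"] < 0 else f"{f['days_left']} days left"
        print(f"{f['host']}: {f['cve']} installed {f['installed']} < {f['fixed_version']} ({status})")
```

Run as-is, the script reports expedition-01 (1.2.91) and panel-03 (2.3.7) as unpatched with 20 days left; panel-04 on v2.3.10 is correctly left alone. In a real deployment the inventory would come from a CMDB or scanner export and the KEV entries from the CISA catalog feed, but the version comparison and due-date arithmetic stay the same.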