The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that threat actors have exploited a critical vulnerability in Palo Alto Networks Expedition. The watchdog has added the vulnerability, tracked as ‘CVE-2024-5910’, to its Known Exploited Vulnerabilities Catalog.

Expedition is a platform used by Palo Alto Networks to ease the conversion of firewall configurations from rival vendors to work with its own systems. The vulnerability in the tool identified by CISA puts configuration secrets, credentials, and other imported data at risk by potentially allowing attackers with network access to seize control of admin accounts.

CISA expands Known Exploited Vulnerabilities Catalog

In addition to the Palo Alto Networks bug, CISA has added three others to its list of vulnerabilities based on evidence of active exploitation. They are the Android Framework Privilege Escalation Vulnerability (CVE-2024-43093), CyberPanel Incorrect Default Permissions Vulnerability (CVE-2024-51567) and Nostromo nhttpd Directory Traversal Vulnerability (CVE-2019-16278).

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said.

CVE-2024-51567 enables remote attackers to bypass authentication in CyberPanel and issue arbitrary commands through /dataBases/upgrademysqlstatus by manipulating the statusfile property with shell metacharacters. This vulnerability impacts versions through 2.3.6 and (unpatched) 2.3.7.
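A log check for the CVE-2024-51567 pattern described above, added here as an example and not taken from CISA or CyberPanel: it flags logged requests to /dataBases/upgrademysqlstatus whose statusfile value contains shell metacharacters. The JSON-lines log format, the field names `src`, `path` and `body`, the JSON request body and the sample lines are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Endpoint and property named in the article for CVE-2024-51567.
TARGET_PATH = "/databases/upgrademysqlstatus"
# Characters a shell treats specially; a plain file path needs none of them.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r]")

def is_target(path):
    """Match the endpoint regardless of case, query string or trailing slash."""
    return urlsplit(str(path)).path.rstrip("/").lower() == TARGET_PATH

def inspect(record):
    """Return a reason string if the logged request needs review, else None."""
    if not is_target(record.get("path", "")):
        return None
    try:
        body = json.loads(record.get("body") or "{}")
    except (json.JSONDecodeError, TypeError):
        return "unparseable body sent to upgrademysqlstatus"
    value = body.get("statusfile") if isinstance(body, dict) else None
    if not isinstance(value, str):
        return None
    hit = SHELL_META.search(value)
    return f"shell metacharacter {hit.group()!r} in statusfile" if hit else None

def scan(lines):
    """Return (source address, reason) for every flagged JSON log line."""
    findings = []
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not JSON records
        reason = inspect(record) if isinstance(record, dict) else None
        if reason:
            findings.append((record.get("src", "?"), reason))
    return findings

def make_line(src, path, body):
    return json.dumps({"src": src, "path": path, "body": body})

# Constructed sample log lines (assumed format, documentation addresses).
SAMPLE_LOG = [
    make_line("192.0.2.10", "/dataBases/upgrademysqlstatus", json.dumps({"statusfile": "/tmp/upgrade_status"})),
    make_line("198.51.100.7", "/dataBases/upgrademysqlstatus/", json.dumps({"statusfile": "/tmp/x; id"})),
    make_line("203.0.113.5", "/dataBases/UpgradeMySQLStatus?x=1", "not json"),
    make_line("192.0.2.10", "/base/login", json.dumps({"statusfile": "a|b"})),
]
```

Running `scan(SAMPLE_LOG)` flags the second and third lines; the check only works where the proxy or application records request bodies.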

CVE-2019-16278 is a directory traversal issue in the http_verify function in nostromo nhttpd through 1.9.6, enabling a malicious actor to execute code via a crafted HTTP request.

CVE-2024-43093 has been reserved by a CVE Numbering Authority (CNA) and the record will be updated once the details are available.

CISA’s Known Exploited Vulnerabilities (KEV) Catalog lists all vulnerabilities that have been exploited in the wild. Organisations use it to stay apprised of these vulnerabilities and initiate remediation to minimise the likelihood of compromise by known threat actors.

In September, CISA warned about a critical vulnerability affecting Apache HugeGraph-Server.
