The U.S. cybersecurity agency CISA warned on Thursday that a serious vulnerability in software from IT security company Palo Alto Networks is already being actively exploited by attackers.
The vulnerability, classified as “critical”, affects the migration tool “Expedition” and has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. “Palo Alto Expedition has an authentication vulnerability that could allow an attacker with network access to take over an Expedition administrator account and potentially access configuration secrets, credentials and other data,” warned CISA in its announcement. The authority classifies the vulnerability as particularly critical, with a CVSS score of 9.3 out of a possible 10.
The vulnerability affects all versions of Expedition prior to version 1.2.92, which was released in July 2024 to address the issue. The company confirmed after the CISA warning that the vulnerability is indeed being actively exploited. U.S. federal agencies have been instructed to update their systems by Nov. 28.
In addition to the Palo Alto vulnerability, CISA has added two other critical vulnerabilities to its KEV catalog: a vulnerability in the Android framework, which Google says is already being exploited, and a critical vulnerability in CyberPanel. The latter allows unauthenticated attackers to execute commands with root privileges – the highest privilege level on Unix-based systems.