Thursday, November 7, 2024

CISA Adds Palo Alto Networks Vulnerability to KEV Catalog – 11-7-24

Today, CISA added four vulnerabilities to their Known Exploited Vulnerabilities (KEV) catalog. Included in that number is a missing authentication for critical function vulnerability in the Palo Alto Networks Expedition Migration Tool. Palo Alto Networks published their advisory for this vulnerability on July 10th, 2024, reporting that a new version was available to mitigate the vulnerability. On October 9th, Horizon3.ai published a report looking at the vulnerability; the report includes proof-of-concept code.

CISA has ordered federal agencies using Expedition to apply “mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable” by November 28th, 2024.

NOTE: On June 14th, 2024, Palo Alto Networks announced that Expedition would move into end-of-life status in January 2025. Palo Alto Networks has new products available for Expedition customers to move to.
