Yesterday CISA added [link added 12-31-24 9:38 pm EST] an improper check for unusual or exceptional conditions vulnerability in the Palo Alto Networks PAN-OS software to their Known Exploited Vulnerabilities catalog. This vulnerability was previously disclosed by Palo Alto Networks. The vulnerability was initially reported by CERT-EE (Estonia). Palo Alto Networks has new versions that mitigate the vulnerability. CISA has directed federal agencies utilizing the affected software to apply “mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.” The deadline to complete such actions is January 20th, 2025.
NOTE: I briefly discussed this vulnerability on Saturday, and suggested on my Substack blog (subscription required) that the vulnerability could show up on the KEV this week.