CISA announced today that it was adding an external control of path or filename vulnerability in Palo Alto Networks PAN-OS to the Known Exploited Vulnerabilities (KEV) catalog. The vulnerability was previously reported by Palo Alto Networks. An update to that announcement, published Tuesday, reported that the company had “observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces.” Both of those other advisories had been previously added to the KEV catalog (-9474 on November 18th, 2024, and -0108 on February 18th, 2025).
CISA has directed federal agencies to apply “mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.” The deadline for accomplishing these actions is March 13th, 2025.