Today CISA announced that it had added operating system vulnerabilities from Palo Alto Networks and SonicWall to its Known Exploited Vulnerabilities (KEV) catalog.
PAN-OS Vulnerability
The PAN-OS vulnerability is a missing authentication for critical function vulnerability. The vulnerability was previously reported by Palo Alto Networks, which has new versions that mitigate the vulnerability. The vulnerability was initially reported by Adam Kues of the Assetnote Security Research Team. GreyNoise reported seeing this vulnerability being exploited in the wild last week.
NOTE: I briefly discussed this vulnerability yesterday.
CISA has directed federal agencies to apply “mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.” The deadline for completing these actions is March 11th, 2025.
SonicOS Vulnerability
The SonicOS vulnerability is an improper authentication vulnerability. The vulnerability was previously reported by SonicWall. The vulnerability was initially reported by Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Security via the Zero Day Initiative. BishopFox published a technical report on the vulnerability which included proof-of-concept code.
NOTE: I briefly discussed this vulnerability on January 11th, 2025.
CISA has directed federal agencies to apply “mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.” The deadline for completing these actions is March 11th, 2025.