
The US CISA has issued an urgent alert and added two new vulnerabilities related to Palo Alto Networks to its Known Exploited Vulnerabilities Catalog.
The first vulnerability, CVE-2024-9463, with a CVSS score of 9.9 and CWE-78, is an OS Command Injection flaw in Palo Alto Networks’ Expedition tool, which could allow attackers to execute arbitrary code on the affected system.
The second vulnerability, CVE-2024-9465, with a CVSS score of 9.2 and CWE-89, is an SQL injection vulnerability in the same Expedition tool. This flaw allows attackers to manipulate database queries, potentially stealing, modifying, or deleting sensitive data.
CISA has set December 03, 2024, as a deadline for federal agencies to remediate the vulnerabilities.



Nice information 🌺🌺