Several serious Palo Alto firewall hijacking vulnerabilities resolved

Fixes have been issued by Palo Alto Networks to address five significant Expedition customer migration tool flaws, which could be leveraged to compromise PAN-OS firewall accounts, reports SecurityWeek.

Most serious of the resolved vulnerabilities was the critical OS command injection issue, tracked as CVE-2024-9463, which could be exploited to expose firewalls' usernames, cleartext passwords, API keys, and configurations, according to Palo Alto Networks, which also noted similar data exposure from the abuse of another critical bug of the same nature, tracked as CVE-2024-9464. Palo Alto Networks also patched a critical SQL injection flaw, tracked as CVE-2024-9465, which could be used to compromise usernames and password hashes within Expedition databases, as well as the high-severity bugs, tracked as CVE-2024-9466 and CVE-2024-9467, which could be utilized to reveal sensitive firewall details and execute malicious JavaScript for phishing intrusions, respectively. Aside from ensuring updates to Expedition iterations 1.2.96 and later, organizations have been recommended to mitigate attack risk by rotating both Expedition and firewall credentials.