Dive Brief:
- Attackers are actively exploiting a pair of previously disclosed vulnerabilities in Palo Alto Networks Expedition, federal cyber authorities said Thursday.
- The Cybersecurity and Infrastructure Security Agency added CVE-2024-9463, an OS command injection vulnerability with a CVSS score of 9.9, and CVE-2024-9465, an SQL injection vulnerability with a CVSS score of 9.2, to its known exploited vulnerabilities catalog on Thursday. The alert comes one week after the agency confirmed another vulnerability in the same product, CVE-2024-5910, was under active exploitation.
- Palo Alto Networks disclosed and released a patch for the vulnerabilities along with three additional CVEs in the migration tool on Oct. 9.
Dive Insight:
The trio of actively exploited vulnerabilities in Palo Alto Networks’ tool for migrating customers over from other vendors are all critical and can expose customers’ firewall credentials.
Palo Alto Networks updated its security advisory for the CVEs following CISA’s alert about active exploitation on Thursday. The company did not say when it became aware of exploitation or how many customers are currently impacted.
“The safety and security of our customers and partners is our priority,” Steven Thai, senior manager of global crisis communications and reputation management at Palo Alto Networks, said in a Thursday email.
“We are aware of a report published by CISA regarding the active exploitation of CVE-2024-9463 and CVE-2024-9465,” Thai said. “If customers are not able to immediately update the software, we advise them to turn off the tool.”
The company said the vulnerabilities are fixed in Expedition 1.2.96 and all later versions.
Palo Alto Networks previously said it plans to stop supporting Expedition in January and move the functionalities of the migration tool into new products. Expedition allows customers to convert a configuration from Checkpoint, Cisco and other supported vendors to a PAN-OS deployment.
The exploits are hitting Palo Alto Networks’ customer migration tool during a period of heightened competition. The world’s largest cybersecurity vendor is trying to lure customers away from competitors with an initiative it kicked off earlier this year offering customers deferred billings and other incentives.