Palo Uh-Oh: A severe warning has been issued by the US Cybersecurity and Infrastructure Security Agency (CISA) regarding a critical flaw within the Palo Alto Networks migration tool, Expedition. This tool, which is instrumental for migrating configurations across various platforms, is compromised due to CVE-2024-5910, a vulnerability that allows unwarranted system access to administrative controls and sensitive data. Synopsys CyRC’s Brian Hysell first noticed the weakness, prompting a patch from Palo Alto. However, further investigation by researcher Zach Hanley demonstrated that CVE-2024-5910, in combination with a second vulnerability, CVE-2024-9464, could lead to unauthorized command executions on systems, amplifying the threat level and reinforcing the need for continuous surveillance and swift remediation of security flaws.
