Source |
Techworm |
Identifier |
8649008 |
Publication date |
2025-02-19 20:09:10 (viewed: 2025-02-19 14:59:05) |
Title |
CISA Flags Palo Alto & SonicWall Flaws As Exploited |
Text |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security vulnerabilities affecting Palo Alto Networks and SonicWall products to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations of active exploitation by malicious actors.
The two vulnerabilities listed below were added based on evidence of active exploitation. Flaws of this kind are frequent attack vectors for malicious cyber actors and pose significant risks to organizations. These are:
CVE-2025-0108 (CVSS score: 7.8) – Palo Alto PAN-OS Authentication Bypass Vulnerability: This flaw affects Palo Alto Networks' PAN-OS, the software running on its next-generation firewalls. The vulnerability allows an unauthenticated attacker to bypass authentication mechanisms and gain unauthorized access to network resources. Exploiting this vulnerability could enable threat actors to infiltrate sensitive systems, exfiltrate data, or deploy further exploits within a compromised network.
CVE-2024-53704 (CVSS score: 8.2) – SonicWall SonicOS SSLVPN Improper Authentication Vulnerability: This flaw exists in SonicWall's SonicOS SSLVPN feature, which is used for secure remote access. Attackers can exploit this vulnerability to bypass authentication procedures, granting unauthorized access to VPN-protected networks. This enables the attackers to intercept messages, gain access to internal resources, and conduct privilege escalation attacks, all of which are a massive threat to enterprise security.
Palo Alto Networks has confirmed the active exploitation of the CVE-2025-0108 vulnerability.
The company notes that it has observed exploit attempts that combine it with other vulnerabilities, such as CVE-2024-9474 and CVE-2025-0111.
“Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces,” the company said in an updated advisory.
According to cybersecurity firm GreyNoise, 26 active exploitation attempts have been made to date targeting the CVE-2025-0108 authentication bypass vulnerability. The major countries affected are the United States, France, Germany, the Netherlands, and Brazil.
On the other hand, Bishop Fox recently released technical details and a proof-of-concept (PoC) exploit for CVE-2024-53704, a high-severity authentication bypass in SonicOS SSLVPN. Shortly after the PoC was made public, Arctic Wolf detected exploitation attempts in the wild.
In response to the active exploitation of these vulnerabilities, CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies, per the November 2021 Binding Operational Directive (BOD) 22-01, apply the patches by March 11, 2025, to mitigate the identified vulnerabilities and protect their networks against potential threats.
Palo Alto Networks |
Notes |
★★
|
Sent |
Yes |
Tags |
Vulnerability
Threat
Technical
|