Two of six critical vulnerabilities in Palo Alto Networks’ Expedition Migration tool, which the company patched in October, are being actively exploited according to the US Cybersecurity and Infrastructure Security Agency.
CISA has now added the two vulnerabilities — CVE-2024-9463 and CVE-2024-9465 — to its known exploited vulnerabilities (KEV) catalog, putting CISOs who ignored last month’s warnings to patch the Palo Alto flaws on notice that their systems are now under threat.
A day after the CISA alert, the cybersecurity giant, which previously maintained a “no-zero-day” exploitation status on the bugs, updated its advisory to reflect the increased threat.
Source:: Network World