Overview
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. These vulnerabilities, identified in popular networking and security products, represent a considerable risk to both private and government networks.
The vulnerabilities recently added to CISA's Known Exploited Vulnerabilities Catalog include CVE-2024-1212, a critical OS command injection flaw in Progress Kemp LoadMaster; CVE-2024-0012, an authentication bypass vulnerability affecting Palo Alto Networks PAN-OS; and CVE-2024-9474, a privilege escalation issue in PAN-OS that allows attackers to escalate privileges via OS command injection.
These vulnerabilities have been categorized with varying levels of urgency and severity, but all share a common characteristic: they pose substantial risks when left unaddressed, particularly for federal enterprises. The vulnerabilities were identified through active threat research and exploitation monitoring, underlining the need for rapid mitigation and patching.
CVE-2024-1212: Progress Kemp LoadMaster OS Command Injection Vulnerability
Progress Kemp LoadMaster, a widely used application delivery controller and load balancer, has been found to contain a severe OS command injection vulnerability. This issue, designated CVE-2024-1212, allows an attacker with access to the administrator web user interface (WUI) to execute arbitrary commands on the affected system. The vulnerability stems from a flaw in the LoadMaster's handling of API requests through the administrator interface.
The vulnerability in Progress Kemp LoadMaster (CVE-2024-1212) is triggered when an attacker sends specially crafted input to the system's "/access" endpoint, which bypasses existing restrictions. This input is improperly handled by a vulnerable Bash script, resulting in unchecked user input being passed into a system() call.
As a result, attackers can inject malicious commands that could potentially escalate privileges to root, providing full control over the device. The affected version is 7.2.59.0.22007, while the issue has been addressed in the patched version 7.2.59.2.22338. For further details, users are encouraged to review the Kemp LoadMaster CVE-2024-1212 advisory.
The vulnerability was quickly patched after its discovery, but administrators are urged to upgrade to the latest version to mitigate potential exploitation risks. If left unpatched, the vulnerability allows attackers to completely compromise the affected system, making it a prime target for cybercriminals.
CVE-2024-0012: PAN-OS Authentication Bypass Vulnerability
CVE-2024-0012 is a critical vulnerability in Palo Alto Networks PAN-OS, the software that powers their next-generation firewalls. This vulnerability allows unauthenticated attackers to bypass authentication mechanisms on the management web interface, granting them administrator-level privileges.
The vulnerability in PAN-OS software (CVE-2024-0012) affects the management interface, allowing attackers to bypass authentication controls and gain unauthorized access to administrative functions. This could lead to a full compromise of the firewall, enabling attackers to modify configurations, exfiltrate sensitive data, or exploit other vulnerabilities, such as CVE-2024-9474, which facilitates privilege escalation.
Reports indicate that this flaw is actively being exploited, with cybercriminals targeting management interfaces exposed to the internet. The vulnerability has been assigned a critical severity score of 9.3, highlighting its potential impact. Affected versions include PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2.
Palo Alto Networks published an advisory (PAN-SA-2024-0015) on November 18, 2024, and has released patches for PAN-OS versions 10.2.12-h2, 11.0.6-h1, 11.1.5-h1, 11.2.4-h1, and later versions. To mitigate risks, the company strongly recommends restricting access to the management interface to trusted internal IP addresses.
CVE-2024-9474: PAN-OS Privilege Escalation Vulnerability
Another vulnerability, CVE-2024-9474, found in the same PAN-OS software, allows attackers to escalate privileges once they have compromised a device through the previously mentioned CVE-2024-0012 vulnerability. This privilege escalation (PE) vulnerability is especially dangerous for organizations that have already been compromised, as it allows attackers to gain root-level access to the device, giving them full control over the firewall system.
The vulnerability (CVE-2024-9474) allows attackers who have already bypassed authentication (via CVE-2024-0012) to escalate their privileges through a flaw in the web management interface of PAN-OS. Once they gain elevated privileges, attackers can perform administrative actions that are normally restricted, such as modifying critical system files or configurations, potentially leading to a complete system compromise.
This vulnerability has been assigned a medium severity rating of 6.9 and is actively being exploited. Affected versions include PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2. To address the issue, Palo Alto Networks has released patches for PAN-OS versions 10.2.12-h2, 11.0.6-h1, 11.1.5-h1, 11.2.4-h1, and later versions. In addition to applying these patches, it is strongly recommended to restrict access to management interfaces to trusted internal IP addresses.
Recommendations and Mitigations
To mitigate the risks posed by these vulnerabilities, the following actions are strongly recommended for affected organizations:
- Ensure all affected systems are patched to the latest versions as listed in the vendor advisories. This addresses the vulnerabilities at their core.
- Restricting access to management interfaces to trusted internal IP addresses is the best defense against exploitation, particularly for vulnerabilities like CVE-2024-0012.
- Regularly monitor for any unusual activity or configuration changes within your firewalls or load balancers. This includes reviewing logs for indicators of exploitation or attempts to exploit the listed vulnerabilities.
- Organizations using Palo Alto Networks' firewalls with a Threat Prevention subscription should configure the system to block known attacks associated with these vulnerabilities using Threat IDs 95746, 95747, and others.
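A defender-side check that combines the second and third recommendations (trusted-IP restriction and log review), added here as an example that is not part of the original article or either vendor's tooling: it parses constructed web-server access-log lines and flags requests to management endpoints that originate outside an assumed trusted internal range, so exposed management interfaces show up in routine review. The "/access" path is the LoadMaster endpoint named above; the "/api/" prefix, the trusted networks and the log lines themselves are assumptions made for this example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Assumed trusted internal ranges from which management access is permitted.
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.50.0/24")]

# Management-interface path prefixes to review. "/access" is the LoadMaster WUI API
# endpoint named in the article; "/api/" is an assumed additional admin prefix.
ADMIN_PATH_PREFIXES = ("/access", "/api/")

# Common-Log-Format style line: client ip, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


@dataclass
class Finding:
    ts: str
    ip: str
    path: str
    status: int


def is_trusted(ip: str) -> bool:
    """True if ip parses and falls inside one of the trusted internal networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # garbage in the client field is never trusted
    return any(addr in net for net in TRUSTED_NETWORKS)


def audit(lines) -> list[Finding]:
    """Return every management-path request whose source is outside the trusted ranges."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than guess at them
        if not m["path"].startswith(ADMIN_PATH_PREFIXES):
            continue  # ordinary traffic is out of scope for this check
        if is_trusted(m["ip"]):
            continue
        # Failed attempts (e.g. 401) are reported too: they show the interface is reachable.
        findings.append(Finding(m["ts"], m["ip"], m["path"], int(m["status"])))
    return findings


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '10.0.3.7 - - [19/Nov/2024:09:14:02 +0000] "GET /access/set?param=enableapi HTTP/1.1" 200 512',
    '203.0.113.45 - - [19/Nov/2024:09:15:10 +0000] "POST /access/set?param=enableapi HTTP/1.1" 200 512',
    '203.0.113.45 - - [19/Nov/2024:09:15:11 +0000] "GET /index.html HTTP/1.1" 200 2048',
    '198.51.100.9 - - [19/Nov/2024:09:16:00 +0000] "GET /api/config HTTP/1.1" 401 0',
    "not a log line",
    '192.168.50.20 - - [19/Nov/2024:09:17:00 +0000] "GET /api/config HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.ts} untrusted source {f.ip} reached {f.path} (HTTP {f.status})")
```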
Conclusion
The addition of CVE-2024-1212, CVE-2024-0012, and CVE-2024-9474 to the Known Exploited Vulnerabilities Catalog highlights the active and ongoing nature of threats targeting critical infrastructure. Cybercriminals are increasingly targeting vulnerabilities in widely used enterprise tools like load balancers and firewalls, aiming to exploit weak points that could lead to full system compromises or privilege escalation.
Organizations that use affected products, such as Progress Kemp LoadMaster or Palo Alto Networks' PAN-OS, are strongly encouraged to apply the required patches and follow best practices for securing management interfaces. By taking these steps, they can mitigate the risk of exploitation and protect their systems.