On January 9, 2025, cybersecurity firms have rolled out crucial updates to address significant vulnerabilities in products by Palo Alto Networks, SonicWall, and Aviatrix. These updates are pivotal to safeguarding systems from potentially severe exploits.

Palo Alto Networks’ Expedition Tool Vulnerabilities

Palo Alto Networks has issued patches for its Expedition migration tool, which is designed to assist in transitioning from competitor firewall platforms to Palo Alto's infrastructure. This tool, however, has reached its end-of-life as of December 31, 2024. The discovered vulnerabilities include:

CVE-2025-0103 (CVSS 7.8): This SQL injection vulnerability allows an authenticated user to access the Expedition database, revealing sensitive information like password hashes and device details, and enables file manipulation.

CVE-2025-0104 (CVSS 4.7): A reflected cross-site scripting flaw that could enable the execution of malicious JavaScript, potentially leading to phishing attacks.

CVE-2025-0105 (CVSS 2.7): This issue permits arbitrary file deletion by an unauthenticated user with access to the www-data user’s files.

CVE-2025-0106 (CVSS 2.7): A vulnerability that allows file enumeration on the host system.

CVE-2025-0107 (CVSS 2.3): An OS command injection vulnerability that lets authenticated users run commands, risking exposure of user credentials and configuration data. These vulnerabilities are fixed in versions 1.2.100 and 1.2.101 of Expedition. Users are advised to restrict network access to the tool to authorized entities or disable it if unused.

SonicWall's SonicOS Updates

SonicWall has also released patches to mitigate several flaws in SonicOS, including:

CVE-2024-53704 (CVSS 8.2): A serious improper authentication vulnerability in the SSLVPN module that can be exploited for authentication bypass.

CVE-2024-53706 (CVSS 7.8): A flaw in the Gen7 SonicOS Cloud platform, specific to AWS and Azure versions, enabling local low-privileged users to gain root access. Although there is no current evidence of these vulnerabilities being exploited, immediate application of these patches is strongly recommended.

Critical Aviatrix Controller Vulnerability

In addition, Polish cybersecurity firm Securing has uncovered a critical flaw in the Aviatrix Controller (CVE-2024-50603, CVSS 10.0), affecting versions 7.x through 7.2.4820. The vulnerability allows unauthenticated attackers to execute arbitrary code due to unsanitized inputs in specific API endpoints. The patches for this issue are available in versions 7.1.4191 or 7.2.4996.

Users of Palo Alto Networks, SonicWall, and Aviatrix Controllers are urged to implement the latest patches to protect their systems from potential exploits. For continuous updates on such critical security issues, follow trusted cybersecurity sources.

The link has been copied!