Summary: The U.S. CISA has added two critical vulnerabilities in Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation. The vulnerabilities allow attackers to bypass authentication, increasing the risk of unauthorized access to network systems. Affected agencies must remediate these flaws by March 11, 2025, to secure their networks.
Affected: Palo Alto Networks PAN-OS, SonicWall SonicOS SSLVPN
Keypoints:
- CVE-2025-0108: An authentication bypass vulnerability in PAN-OS with a CVSS score of 7.8.
- CVE-2024-53704: An improper authentication vulnerability in the SonicWall SonicOS SSLVPN mechanism with a CVSS score of 8.2.
- Active exploitation attempts are being tracked, with significant increases in attack traffic detected.
- Federal agencies are mandated to address these vulnerabilities by March 11, 2025.
Source: https://thehackernews.com/2025/02/cisa-adds-palo-alto-networks-and.html