CISA has added several critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. One major flaw, CVE-2024-5910 (CVSS score: 9.3), affects Palo Alto Networks Expedition and involves missing authentication that could allow attackers to take over admin accounts and access sensitive data. The issue affects all Expedition versions prior to 1.2.92, which was released in July 2024 to fix the problem.
CISA also listed CVE-2024-43093, a privilege escalation vulnerability in the Android Framework that Google disclosed and that has seen limited, targeted exploitation. The update also includes CVE-2024-51567 (CVSS score: 10.0), a critical CyberPanel flaw that allows remote command execution as root. Ransomware groups exploited this vulnerability to attack over 22,000 CyberPanel instances, leading to multiple file encryptions.
Federal agencies have been advised to address these vulnerabilities by November 28, 2024, to protect against active threats.