Summary: Palo Alto Networks has released patches for critical vulnerabilities in its Expedition migration tool, including a high-severity SQL injection flaw that could allow authenticated attackers to access sensitive data. SonicWall and Securing have also addressed significant security flaws in their respective products.
Threat Actor: authenticated attacker, unauthenticated attacker
Victim: Palo Alto Networks, SonicWall, Aviatrix
Key Points:
- Palo Alto Networks addressed multiple vulnerabilities in its Expedition tool, including SQL injection and XSS flaws.
- SonicWall released patches for authentication bypass and privilege escalation vulnerabilities in SonicOS.
- Aviatrix Controller has a critical flaw allowing arbitrary code execution, now patched in recent versions.
- Users are urged to apply the latest updates; no evidence of exploitation has been reported.
Source: https://thehackernews.com/2025/01/major-vulnerabilities-patched-in.html