The vulnerabilities don’t directly affect Panorama, Prisma Access, or Cloud NGFW firewalls. But Palo Alto Networks still gives the vulnerabilities a CVSS base score of 9.9, given the sensitivity of the information that can be stolen. So far the company says it’s not aware of any malicious exploitation of the flaws.
The fixes are available in Expedition 1.2.96 and later.
All Expedition usernames, passwords and API keys should be rotated after upgrading to the fixed version of the application, the company said. In addition, all firewall usernames, passwords, and API keys processed by Expedition should be rotated after the update.
