CyberSecurity news

FlagThis - #mitel

TIGR Threat Watch@Security Risk Advisors //

Palo Alto Networks Expedition Flaws Expose Secrets

Multiple vulnerabilities have been discovered in Palo Alto Networks' Expedition migration tool, posing significant security risks. These flaws could allow attackers to gain unauthorized access to sensitive data such as usernames, cleartext passwords, device configurations, and API keys associated with firewalls running PAN-OS software. An OS command injection vulnerability, identified as CVE-2025-0107, allows authenticated attackers to execute arbitrary OS commands, potentially leading to data breaches and system compromise. Other vulnerabilities include SQL injection (CVE-2025-0103), reflected cross-site scripting (CVE-2025-0104), arbitrary file deletion (CVE-2025-0105) and a wildcard expansion enumeration (CVE-2025-0106).

The Expedition tool, intended for firewall migration and optimization, reached its End of Life (EoL) on December 31, 2024, and is no longer supported or updated. Organizations are strongly advised to transition away from using Expedition and to explore alternative migration tools. While Palo Alto Networks has released patches in versions 1.2.100 and 1.2.101, no further updates are planned for the tool. Until users can migrate, it is recommended to restrict network access to Expedition to only authorized users, hosts, and networks, or to shut down the service if it's not in use.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • gbhackers.com: Palo Alto Networks Expedition Tool Vulnerability Let Attackers Access Cleartext Passwords
  • : Palo Alto Networks security advisories 08 January 2025: Expedition: Multiple Vulnerabilities in Expedition Migration Tool Lead to Exposure of Firewall Credentials
  • securityonline.info: CISA Alerts on Actively Exploited Vulnerabilities in Mitel MiCollab and Oracle WebLogic Server
  • ciso2ciso.com: Mitel 0-day, 5-year-old Oracle RCE bug under active exploit – Source: go.theregister.com
  • The Hacker News: CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation
  • Latest from TechRadar: CISA says Oracle and Mitel have critical security flaws being exploited
  • ciso2ciso.com: Mitel 0-day, 5-year-old Oracle RCE bug under active exploit – Source: go.theregister.com
  • gbhackers.com: Palo Alto Networks Expedition Tool Vulnerability Let Attackers Access Cleartext Passwords
  • securityonline.info: Mutiple Vulnerabilities Found in Palo Alto Networks Expedition Tool
  • socca.tech: CVE-2025-0107: (Palo Alto Networks Expedition: Medium)
  • Security Risk Advisors: Multiple Vulnerabilities in Palo Alto Networks Expedition Tool Allow Exposure of Firewall Credentials
Classification:
  • HashTags: #PaloAltoNetworks #ExpeditionTool #Vulnerability
  • Company: Palo Alto Networks
  • Target: Palo Alto Networks Users
  • Product: Expedition
  • Feature: OS Command Injection
  • Type: Vulnerability
  • Severity: Major
@www.bleepingcomputer.com //

Aquabot botnet exploits Mitel SIP flaws

A new Mirai botnet variant, named Aquabot, has emerged, actively exploiting a command injection vulnerability, identified as CVE-2024-41710, in Mitel SIP phones. This malware targets Mitel 6800, 6900, and 6900w series phones, including the 6970 Conference Unit, and is being used to construct a botnet for launching distributed denial-of-service (DDoS) attacks. The Aquabot malware utilizes a proof-of-concept code previously published to spread to vulnerable devices.

The Aquabot botnet stands out due to its novel ability to communicate with its command and control server when it detects a kill signal attempting to terminate the malware on an infected device. This behaviour is new for a Mirai variant, and could be a method for the botnet author to monitor its health. The exploit, discovered in January 2025, roughly six months after the vulnerability was publicly disclosed by Mitel, injects a shell script that downloads and executes the Mirai malware onto targeted systems.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • ciso2ciso.com: Aquabot Botnet Targeting Vulnerable Mitel Phones – Source: www.securityweek.com
  • ciso2ciso.com: A Mirai-based malware family, Aquabot, started targeting vulnerable Mitel SIP phones to build a botnet for DDoS attacks.
  • The Register: A new variant of the Mirai-based malware Aquabot is actively exploiting a vulnerability in Mitel phones to build a remote-controlled botnet, according to Akamai's Security Intelligence and Response Team.
  • go.theregister.com: Why is my Mitel phone DDoSing strangers?
  • Pyrzout :vm:: Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet – Source: go.theregister.com
  • ciso2ciso.com: Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet
  • The Hacker News: New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks
  • www.theregister.com: Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet
  • www.bleepingcomputer.com: New Aquabotv3 Botnet Malware Targets Mitel Command Injection Flaw
  • AAKL: The Register: Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet
  • gbhackers.com: New Aquabot Malware Actively Exploiting Mitel SIP phones injection vulnerability
  • securityaffairs.com: Aquabot, a new variant of Mirai-based malware, actively targeting Mitel SIP phones.
  • gbhackers.com: New Aquabot Malware Actively Exploiting Mitel SIP phones injection vulnerability
  • BleepingComputer: New Aquabotv3 botnet malware targets Mitel command injection flaw
Classification:
  • HashTags: #Aquabot #Mitel #Botnet
  • Company: Mitel
  • Target: Mitel Phones
  • Product: Mitel SIP phones
  • Feature: command injection
  • Malware: Aquabot
  • Type: Malware
  • Severity: Major

Posts

Blogs

Research Tools