The vulnerability affects Palo Alto Networks’ Expedition migration tool and was originally disclosed in July.

A critical-severity vulnerability affecting a Palo Alto Networks tool — originally disclosed in July — is now known to have been exploited in cyberattacks, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

CISA released an advisory Thursday mentioning the vulnerability (tracked at CVE-2024-5910), which affects Palo Alto Networks’ Expedition migration tool.

[Related: 10 Major Cyberattacks And Data Breaches In 2024 (So Far)]

The federal cybersecurity agency added the bug to its catalog of vulnerabilities known to have seen exploitation in the wild, along with three other software flaws from other vendors. “These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said in the advisory.

While the order only applies to Federal Civilian Executive Branch agencies, “CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation” of actively exploited vulnerabilities such as the Palo Alto Networks flaw, the agency said.

CRN has reached out to Palo Alto Networks for comment.

The missing authentication vulnerability “can lead to an Expedition admin account takeover for attackers with network access to Expedition,” Palo Alto Networks said during its initial advisory about the flaw on July 10.

At the time, Palo Alto Networks said it wasn’t aware of exploitation of the vulnerability. The advisory does not appear to have been updated as of this writing.

The Palo Alto Networks Expedition vulnerability has received a “critical” severity rating of 9.3 out of 10.0.