CVE-2024-3393 is a high severity (CVSS v4.0 score 8.7) Denial of Service (DoS) vulnerability affecting specific versions of Palo Alto Networks PAN-OS DNS Security feature. This vulnerability allows unauthenticated attackers to send malicious packets through the data plane of the firewall. This forces the firewall to reboot. Repeated attempts can force the firewall into maintenance mode, requiring security teams to manually reset the firewall and significantly disrupting operations.

CVE-2024-53677 is a critical (9.5) remote code execution (RCE) vulnerability affecting Apache Struts, an open-source framework for building Java-based web apps. This vulnerability affects the framework’s file upload logic, allowing attackers to enable paths traversal and perform remote code execution using malicious files.

If you are like many CISOs, you feel pressure to increase the value of your security testing budget. And if you are one of the 53% of enterprises reporting stagnant or decreasing budgets in 2024, you have even more work cut out for you. Increasing testing value requires a re-evaluation of nearly everything. Tackle tool sprawl. Optimize workflows. Reduce false positives. Review cloud spend. All while demonstrating ROI even in the absence of incidents. This post is about ways to reach these goals.