Palo Alto Networks Expedition OS Command Injection Vulnerability
CVE-2024-9463
Key Information
- Vendor
- Palo Alto Networks
- Status
- Expedition
- Vendor
- CVE Published:
- 9 October 2024
Badges
Summary
The Palo Alto Networks Expedition tool has multiple critical vulnerabilities (CVE-2024-9463 to CVE-2024-9467) including OS command injection, SQL injection, cleartext storage of sensitive information, and cross-site scripting. These vulnerabilities can result in unauthorized access, credential theft, and administrative takeover. The vulnerabilities affect all versions of Expedition below 1.2.96, and urgent patching is recommended. The potential impact of exploitation includes disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls, with the risk of sensitive data theft. There are no known exploits by ransomware groups at this time, but proactive measures such as upgrading to the latest version of Expedition, limiting network access, rotating credentials, and monitoring access logs are advised to minimize the risk of exploitation.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-9463 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Expedition < 1.2.96
News Articles
Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) - Help Net Security
Attackers have been spotted exploiting two additional vulnerabilities (CVE-2024-9463, CVE-2024-9465) in Palo Alto Networks' Expedition.
1 month ago
CISA adds two more vulnerabilities in Palo Alto Networks tools to exploited catalogue
CISA expands Known Exploited Vulnerabilities Catalogue with two newly identified vulnerabilities in Palo Alto Networks' Expedition tool.
1 month ago
CISA Warns of Actors Exploiting Two Palo Alto Networks Vulnerabilities
CISA has issued an urgent alert and added two new vulnerabilities related to Palo Alto Networks to its Known Exploited Vulnerabilities Catalog.
1 month ago
Refferences
EPSS Score
96% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
CISA Reported
- 👾
Exploit known to exist
First article discovered by prophaze.com
Vulnerability published