Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9463

7.5HIGH

Key Information

Status
Expedition
Vendor
CVE Published:
9 October 2024

Badges

👾 Exploit Exists🟣 EPSS 96%📰 News Worthy

Summary

The Palo Alto Networks Expedition tool has multiple critical vulnerabilities (CVE-2024-9463 to CVE-2024-9467) including OS command injection, SQL injection, cleartext storage of sensitive information, and cross-site scripting. These vulnerabilities can result in unauthorized access, credential theft, and administrative takeover. The vulnerabilities affect all versions of Expedition below 1.2.96, and urgent patching is recommended. The potential impact of exploitation includes disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls, with the risk of sensitive data theft. There are no known exploits by ransomware groups at this time, but proactive measures such as upgrading to the latest version of Expedition, limiting network access, rotating credentials, and monitoring access logs are advised to minimize the risk of exploitation.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-9463 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Expedition < 1.2.96

News Articles

Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) - Help Net Security

Attackers have been spotted exploiting two additional vulnerabilities (CVE-2024-9463, CVE-2024-9465) in Palo Alto Networks' Expedition.

1 month ago

CISA adds two more vulnerabilities in Palo Alto Networks tools to exploited catalogue

CISA expands Known Exploited Vulnerabilities Catalogue with two newly identified vulnerabilities in Palo Alto Networks' Expedition tool.

1 month ago

CISA Warns of Actors Exploiting Two Palo Alto Networks Vulnerabilities

CISA has issued an urgent alert and added two new vulnerabilities related to Palo Alto Networks to its Known Exploited Vulnerabilities Catalog.

1 month ago

Refferences

EPSS Score

96% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • CISA Reported

  • 👾

    Exploit known to exist

  • First article discovered by prophaze.com

  • Vulnerability published

Collectors

NVD DatabaseMitre DatabaseCISA Database7 News Article(s)

Credit

Enrique Castillo of Palo Alto Networks
.