OS Command Injection Vulnerability in Palo Alto Networks Expedition

Summary

Palo Alto Networks Expedition is affected by multiple critical vulnerabilities, including OS command injection, SQL injection, cleartext storage of sensitive information, and cross-site scripting (XSS). These vulnerabilities, with high CVSS scores, can lead to unauthorized access, credential theft, and administrative takeover. The vulnerabilities affect all versions of Expedition below 1.2.96 and could result in the disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. Urgent action is recommended, including upgrading to the latest version, limiting network access to authorized personnel, rotating credentials, monitoring logs for signs of unauthorized activity, and shutting down unused instances. There is no evidence of known exploitations in the wild, but the risks of exploitation make it critical to address these vulnerabilities promptly.

News Articles

wiz.io

CVE-2024-9463CVE-2024-9464

3 Critical CVEs in Palo Alto Networks Expedition | Wiz Blog

Urgent: Multiple critical vulnerabilities in Palo Alto Expedition require immediate patching. Learn about CVE-2024-9463 to CVE-2024-9467 and mitigation steps.

6 days ago

The Hacker News

CVE-2024-9464CVE-2024-9465

CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches

CISA flags a critical Fortinet flaw under active exploitation. Palo Alto Networks and Cisco also release urgent security patches.

6 days ago

BleepingComputer

CVE-2024-9464CVE-2024-9466

Palo Alto Networks warns of firewall hijack bugs with public exploit

Palo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls.

1 week ago