OS Command Injection Vulnerability in Palo Alto Networks Expedition
CVE-2024-9464

6.5 MEDIUM

Key Information:

Vendor
CVE Published: 9 October 2024

Badges

📈 Trended · 📈 Score: 7,240 · 👾 Exploit Exists · 🟡 Public PoC · 📰 News Worthy

What is CVE-2024-9464?

CVE-2024-9464 is a critical vulnerability found in Palo Alto Networks Expedition, a tool used for managing and optimizing the configuration of Palo Alto Networks' firewall products. This vulnerability enables an authenticated attacker to perform OS command injection, which could allow them to execute arbitrary commands as root. This exploitation could have serious consequences for organizations, including the potential exposure of sensitive information such as usernames, cleartext passwords, device configurations, and API keys used to manage PAN-OS firewalls.

Technical Details

The vulnerability exists due to improper input validation within Palo Alto Networks Expedition and can be leveraged by an attacker who already has authenticated access. Input that the application fails to sanitize is passed on to the operating system, so a crafted value results in the execution of arbitrary commands. No separate privilege escalation step is needed, because the injected commands run as root within the application's context.
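To make the vulnerability class concrete, the following added example (hypothetical code, not Expedition's source and not derived from the advisory) contrasts the pattern that produces an OS command injection with the two controls that prevent it: a strict allowlist on the input and an argv-list invocation that never hands the value to a shell. The `ping` use case, the hostname allowlist and the sample values are constructed for illustration.

```python
"""OS command injection: vulnerable pattern beside the hardened form.
Hypothetical illustration; not code from Palo Alto Networks Expedition."""
import re
import subprocess

# Allowlist for a hostname or IPv4 literal: letters, digits, dots and hyphens
# only. Every character a shell treats specially (; | & $ ` ( ) < > quotes,
# whitespace, newlines) lies outside this alphabet and is therefore rejected.
_TARGET_RE = re.compile(r"\A[A-Za-z0-9.-]{1,253}\Z")

# Characters worth flagging when reviewing request parameters or access logs.
SHELL_METACHARS = set(";|&$`()<>\"'\\\n\r ")


def unsafe_command(target: str) -> str:
    """The vulnerable pattern: user input is concatenated into a string that
    would be handed to /bin/sh via shell=True. Returned, not executed, so the
    resulting command line can be inspected."""
    return "ping -c 1 " + target


def validate_target(target: str) -> str:
    """First control: reject anything outside the allowlist. Returns the value
    unchanged when it is acceptable, raises ValueError otherwise."""
    if not _TARGET_RE.fullmatch(target):
        raise ValueError(f"invalid target: {target!r}")
    return target


def safe_argv(target: str) -> list[str]:
    """Second control: the validated value becomes one element of an argv list.
    With shell=False no shell parses it, so even a value that slipped past
    validation would reach ping as a single argument, never as a command."""
    return ["ping", "-c", "1", validate_target(target)]


def run_safe(target: str) -> int:
    """Execute the hardened form and return the process exit status."""
    proc = subprocess.run(safe_argv(target), shell=False,
                          capture_output=True, timeout=10)
    return proc.returncode


def contains_metachars(value: str) -> bool:
    """Detection helper: True when a submitted value carries shell
    metacharacters, i.e. something a validator should have rejected."""
    return any(ch in SHELL_METACHARS for ch in value)


if __name__ == "__main__":
    benign = "fw01.example.net"                 # constructed sample
    hostile = "fw01.example.net; echo injected"  # constructed sample
    print(unsafe_command(hostile))   # a shell would see two commands here
    print(safe_argv(benign))         # ['ping', '-c', '1', 'fw01.example.net']
    try:
        safe_argv(hostile)
    except ValueError as exc:
        print("rejected:", exc)
    print(contains_metachars(hostile), contains_metachars(benign))
```

The allowlist is the primary fix; the argv list is defence in depth, because it removes the shell from the path entirely rather than trying to enumerate every dangerous character. `contains_metachars` is the kind of check a reviewer can run over recorded parameter values to find requests that a vulnerable build would have passed straight to the shell.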

Impact of the Vulnerability

  1. Data Exposure: Successful exploitation can lead to the unauthorized disclosure of sensitive information, including usernames, passwords, and device configurations, which may be vital for maintaining secure network operations.

  2. Compromise of Security Credentials: With access to API keys and cleartext passwords, attackers could potentially gain further access to network resources and management interfaces, escalating the risk of a full security breach.

  3. System Integrity Risks: The ability to execute arbitrary OS commands as root can allow attackers to alter or degrade the integrity of the affected systems, potentially leading to system malfunctions, further exploitation, or even additional attacks within the organization's network.

Affected Version(s)

Expedition 1.2.0 and later, before 1.2.96 (1.2.0 <= version < 1.2.96)

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.

News Articles

CISA warns of more Palo Alto Networks bugs exploited in attacks

CISA warned today that two more critical security vulnerabilities in Palo Alto Networks' Expedition migration tool are now actively exploited in attacks.

2 months ago

Palo Alto Networks warns of potential PAN-OS RCE vulnerability

Palo Alto Networks warned customers to restrict access to their next-generation firewalls because of a potential remote code execution vulnerability in the PAN-OS management interface.

2 months ago

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 📈 Vulnerability started trending

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • 📰 First article discovered by BleepingComputer

  • Vulnerability published

Collectors

NVD Database · Mitre Database · 2 Proof of Concept(s) · 8 News Article(s)

Credit

Zach Hanley (@hacks_zach) of Horizon3.ai
Enrique Castillo of Palo Alto Networks