OS Command Injection Vulnerability in Palo Alto Networks Expedition
Key Information
- Vendor: Palo Alto Networks
- Status
- Expedition
- Vendor
- CVE Published: 9 October 2024
Summary
Palo Alto Networks Expedition is affected by multiple critical vulnerabilities, including OS command injection, SQL injection, cleartext storage of sensitive information, and cross-site scripting (XSS). These vulnerabilities, with high CVSS scores, can lead to unauthorized access, credential theft, and administrative takeover. They affect all versions of Expedition below 1.2.96 and could result in the disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. Urgent action is recommended: upgrade to the latest version, limit network access to authorized personnel, rotate credentials, monitor logs for signs of unauthorized activity, and shut down unused instances. There is no evidence of known exploitation in the wild, but the risk of exploitation makes it critical to address these vulnerabilities promptly.
Affected Version(s)
Expedition < 1.2.96
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
News Articles
CISA warns of more Palo Alto Networks bugs exploited in attacks
CISA warned today that two more critical security vulnerabilities in Palo Alto Networks' Expedition migration tool are now actively exploited in attacks.
1 week ago
Palo Alto Networks warns of potential PAN-OS RCE vulnerability
Palo Alto Networks warned customers to restrict access to their next-generation firewalls because of a potential remote code execution vulnerability in the PAN-OS management interface.
2 weeks ago
Timeline
Vulnerability started trending.
Exploit exists.
First article discovered by BleepingComputer
Initial publication
Vulnerability published.