UnAuthenticated SQL Injection Vulnerability in Palo Alto Networks Expedition

CVE-2024-9465

9.1CRITICAL

Key Information

Vendor
Palo Alto Networks
Status
Expedition
Vendor
CVE Published:
9 October 2024

Badges

👾 Exploit Exists🔴 Public PoC🟣 EPSS 94%📰 News Worthy

Summary

The articles discuss critical security vulnerabilities in various products from different vendors. The vulnerability in Palo Alto Networks Expedition allows unauthenticated attackers to reveal database contents, create and read arbitrary files, and execute arbitrary OS commands, potentially leading to the compromise of sensitive information and system control. Similarly, the Fortinet flaw in FortiOS, FortiPAM, FortiProxy, and FortiWeb results in remote code execution, while the Cisco Nexus Dashboard Fabric Controller flaw permits command execution attacks. All these vulnerabilities have high CVSS scores and are under active exploitation, prompting urgent security patches from the respective vendors. While there is no evidence of exploitation of the Palo Alto Networks Expedition vulnerabilities, steps to reproduce the problem are in the public domain, and it is recommended to limit access to authorized users and networks. These vulnerabilities pose significant risks, including data breaches and system compromise, highlighting the importance of timely patching and security measures.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-9465 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Expedition < 1.2.96

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

cve-2024-9465-poc
Created by XiaomingX

CVE-2024-9465
Created by horizon3ai

News Articles

favicon imageHelp Net Security

Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) - Help Net Security

Attackers have been spotted exploiting two additional vulnerabilities (CVE-2024-9463, CVE-2024-9465) in Palo Alto Networks' Expedition.

1 month ago

favicon imageTech Monitor

CISA adds two more vulnerabilities in Palo Alto Networks tools to exploited catalogue

CISA expands Known Exploited Vulnerabilities Catalogue with two newly identified vulnerabilities in Palo Alto Networks' Expedition tool.

1 month ago

favicon imageGBHackers News

CISA Warns of Actors Exploiting Two Palo Alto Networks Vulnerabilities

CISA has issued an urgent alert and added two new vulnerabilities related to Palo Alto Networks to its Known Exploited Vulnerabilities Catalog.

1 month ago

Refferences

https://security.paloaltonetworks.com/PAN-SA-2024-0010
vendor-advisory
https://www.horizon3.ai/attack-research/palo-alto-expedit...
exploit

EPSS Score

94% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🔴

    Public PoC available

  • CISA Reported

  • 👾

    Exploit known to exist

  • First article discovered by The Hacker News

  • Vulnerability published

Collectors

NVD DatabaseMitre DatabaseCISA Database2 Proof of Concept(s)4 News Article(s)

Credit

Zach Hanley (@hacks_zach) of Horizon3.ai
Enrique Castillo of Palo Alto Networks
.