UnAuthenticated SQL Injection Vulnerability in Palo Alto Networks Expedition
CVE-2024-9465

9.1CRITICAL

Key Information:

Vendor
Palo Alto Networks
Status
Expedition
Vendor
CVE Published:
9 October 2024

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 94%πŸ¦… CISA ReportedπŸ“° News Worthy

Summary

An SQL injection flaw in Palo Alto Networks Expedition presents a serious risk by allowing unauthenticated attackers to access and extract sensitive data from the Expedition database. This includes potential exposure of password hashes, usernames, device configurations, and API keys, all of which can be leveraged to enhance the attacker's capability. Additionally, the vulnerability enables unauthorized file creation and reading within the Expedition environment, raising significant concerns for data integrity and confidentiality.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Expedition 1.2.0 < 1.2.96

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

cve-2024-9465-poc
Created by XiaomingX

CVE-2024-9465
Created by horizon3ai

News Articles

favicon imageHelp Net Security

Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) - Help Net Security

Attackers have been spotted exploiting two additional vulnerabilities (CVE-2024-9463, CVE-2024-9465) in Palo Alto Networks' Expedition.

3 months ago

favicon imageTech Monitor

CISA adds two more vulnerabilities in Palo Alto Networks tools to exploited catalogue

CISA expands Known Exploited Vulnerabilities Catalogue with two newly identified vulnerabilities in Palo Alto Networks' Expedition tool.

3 months ago

favicon imageGBHackers News

CISA Warns of Actors Exploiting Two Palo Alto Networks Vulnerabilities

CISA has issued an urgent alert and added two new vulnerabilities related to Palo Alto Networks to its Known Exploited Vulnerabilities Catalog.

3 months ago

References

https://security.paloaltonetworks.com/PAN-SA-2024-0010
vendor-advisory
https://www.horizon3.ai/attack-research/palo-alto-expedit...
exploit

EPSS Score

94% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ¦…

    CISA Reported

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by The Hacker News

  • Vulnerability published

Credit

Zach Hanley (@hacks_zach) of Horizon3.ai
Enrique Castillo of Palo Alto Networks
.