Sensitive Information Vulnerability in Palo Alto Networks Expedition
CVE-2024-9466
Key Information:
- Vendor
- Palo Alto Networks
- Status
- Vendor
- CVE Published:
- 9 October 2024
Badges
Summary
The vulnerability CVE-2024-9466 in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. The flaws were found in Palo Alto Networks' Expedition solution, which can be exploited to access sensitive data, such as user credentials, that can help take over firewall admin accounts. The vulnerabilities include command injection, reflected cross-site scripting, cleartext storage of sensitive information, missing authentication, and SQL injection vulnerabilities. A proof-of-concept exploit has been made available, but there is no evidence that the security flaws have been exploited in attacks. Palo Alto Networks has provided security updates in Expedition 1.2.96 to address these vulnerabilities and recommend that affected credentials be rotated after the upgrade.
Affected Version(s)
Expedition 1.2.0 < 1.2.96
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
References
CVSS V3.1
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
- π°
First article discovered by BleepingComputer
Vulnerability published