Palo Alto Networks’ Expedition tool, widely used for configuration migration, has been found to contain multiple critical vulnerabilities, identified as CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, and CVE-2024-9467. These flaws include OS command injection, SQL injection, cleartext storage of sensitive information, and cross-site scripting (XSS), which expose systems to significant security risks.
The vulnerabilities, with CVSS scores as high as 9.9, allow attackers to gain unauthorized access, steal credentials, and potentially take over Expedition systems entirely. Exploiting these issues is straightforward, requiring minimal complexity and no user interaction, making the risk even more severe.
Breakdown of Vulnerabilities:
OS Command Injection (CVE-2024-9463, CVE-2024-9464): Allows attackers to execute arbitrary OS commands as root, leading to unauthorized access to sensitive data such as firewall credentials and API keys.
SQL Injection (CVE-2024-9465): Enables unauthenticated attackers to access the Expedition database, exposing password hashes and configuration details, and potentially allowing files to be written to the system.
Cleartext Storage of Sensitive Information (CVE-2024-9466): Writes sensitive information to logs in cleartext, risking exposure of that data to anyone able to read the log files.
Reflected XSS (CVE-2024-9467): Allows attackers to steal session information or conduct phishing attacks via reflected cross-site scripting.
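The four bug classes in the breakdown above share a common defensive pattern: treat external input as data, never as code, and keep secrets out of logs. The following is an added illustrative example, not Expedition's code and not derived from the advisories; every function name, the hostname allow-list, the in-memory user table and the sample inputs are constructed assumptions. It shows the hardened form of each class: a shell-free subprocess call behind an allow-list (command injection), a parameterized query (SQL injection), log redaction (cleartext storage) and HTML escaping of a reflected parameter (XSS).

```python
"""Hardened patterns for the bug classes named in the advisory.
Illustrative example only: the hypothetical functions below are not
Expedition's code, and all sample inputs are constructed."""
import html
import re
import sqlite3
import subprocess

# --- OS command injection: allow-list the input and never use a shell ---
# Hypothetical: a migration tool that reaches out to a firewall by hostname.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")


def validate_hostname(hostname: str) -> bool:
    """Allow-list check: letters, digits, dots and hyphens only,
    so shell metacharacters (; | $ ( ) ` and whitespace) are rejected."""
    return bool(HOSTNAME_RE.fullmatch(hostname))


def build_ping_argv(hostname: str) -> list:
    """Build an argv list for subprocess. The host is a separate argument,
    not part of a command string, so nothing is ever shell-interpreted."""
    if not validate_hostname(hostname):
        raise ValueError(f"invalid hostname: {hostname!r}")
    return ["ping", "-c", "1", hostname]


def run_ping(hostname: str) -> int:
    """Runs the command without shell=True and returns the exit code."""
    return subprocess.run(build_ping_argv(hostname), capture_output=True).returncode


# --- SQL injection: bind parameters instead of splicing strings ---
def make_user_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a credential store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', '$argon2id$constructed-hash')")
    conn.commit()
    return conn


def lookup_user(conn: sqlite3.Connection, name: str) -> list:
    """Parameterized query: the name is bound as data, so a value like
    "' OR 1=1 --" is compared literally and matches nothing."""
    cur = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return cur.fetchall()


# --- Cleartext storage: redact secret-bearing fields before logging ---
SECRET_KEYS = ("password", "passwd", "api_key", "apikey", "secret", "token")


def redact_for_log(record: dict) -> dict:
    """Mask values whose key names suggest a credential or API key."""
    return {
        k: "[REDACTED]" if any(s in k.lower() for s in SECRET_KEYS) else v
        for k, v in record.items()
    }


# --- Reflected XSS: escape the reflected parameter before rendering ---
def render_search_echo(query: str) -> str:
    """HTML-escape a reflected request parameter before placing it in a page."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


if __name__ == "__main__":
    db = make_user_db()
    print(build_ping_argv("fw-01.example.com"))
    print(lookup_user(db, "' OR 1=1 --"))          # [] : injection text is just data
    print(redact_for_log({"host": "fw-01", "api_key": "constructed-key"}))
    print(render_search_echo("<script>alert(1)</script>"))
```

The allow-list plus argv list is the important part of the command-injection fix: escaping alone is fragile, whereas rejecting anything outside a known-good character set and never invoking a shell removes the interpretation step entirely.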
Risk and Urgency:
These vulnerabilities represent a substantial risk to organizations using Expedition. Immediate patching and securing of instances are strongly recommended to prevent unauthorized access, data theft, and system compromise.