CVE-2024-9463: Palo Alto Networks Expedition OS Command Injection Vulnerability
First published: Wed Oct 09 2024(Updated: )
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
Credit: psirt@paloaltonetworks.com psirt@paloaltonetworks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Palo Alto Networks Expedition | ||
| Palo Alto Networks Expedition | >=1.2.0<1.2.96 |
Remedy
The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions. All Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition. All firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating.
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-9463?
CVE-2024-9463 has been categorized as a critical vulnerability due to its potential exploitation allowing arbitrary OS command execution.
How do I fix CVE-2024-9463?
To mitigate CVE-2024-9463, upgrade Palo Alto Networks Expedition to a version later than 1.2.96.
What type of vulnerability is CVE-2024-9463?
CVE-2024-9463 is an OS command injection vulnerability that allows unauthorized command execution on the affected system.
What could an attacker gain from exploiting CVE-2024-9463?
Exploitation of CVE-2024-9463 could lead to the disclosure of sensitive information such as usernames, passwords, device configurations, and API keys.
Is authentication required to exploit CVE-2024-9463?
No, an unauthenticated attacker can exploit CVE-2024-9463 to execute arbitrary commands on the affected system.
- agent/type
- agent/first-publish-date
- agent/severity
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/remedy
- agent/description
- agent/softwarecombine
- agent/author
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-9463
- alias/CVE-2024-9465
- alias/CVE-2024-5910
- alias/CVE-2024-9464
- agent/last-modified-date
- collector/the-register
- source/The Register
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/event
- agent/trending
- agent/epss
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- vendor/palo alto networks
- canonical/palo alto networks expedition
- vendor/paloaltonetworks
- version/palo alto networks expedition/1.2.0