CVE-2024-9464: Expedition: Authenticated OS Command Injection Vulnerability Leads to Firewall Admin Credential Disclosure
First published: Wed Oct 09 2024(Updated: )
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
Credit: psirt@paloaltonetworks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Palo Alto Networks Expedition | >=1.2.0<1.2.96 |
Remedy
The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions. All Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition. All firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-firewall-hijack-bugs-with-public-exploit/
- https://security.paloaltonetworks.com/PAN-SA-2024-0010
- https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/
- https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-palo-alto-networks-bug-exploited-in-attacks/
- https://www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-potential-pan-os-rce-vulnerability/
- https://www.bleepingcomputer.com/news/security/cisa-warns-of-more-palo-alto-networks-bugs-exploited-in-attacks/
Frequently Asked Questions
What is the severity of CVE-2024-9464?
CVE-2024-9464 is considered a critical vulnerability due to its potential to allow authenticated attackers to execute arbitrary OS commands as root.
How do I fix CVE-2024-9464?
To fix CVE-2024-9464, upgrade Palo Alto Networks Expedition to a version beyond 1.2.96.
What impact does CVE-2024-9464 have on users?
CVE-2024-9464 can lead to the disclosure of sensitive information, including usernames, passwords, and device configurations.
Who is affected by CVE-2024-9464?
CVE-2024-9464 affects authenticated users of Palo Alto Networks Expedition versions between 1.2.0 and 1.2.96.
Can CVE-2024-9464 be exploited remotely?
CVE-2024-9464 requires authentication, so it cannot be exploited remotely without valid user credentials.
- agent/weakness
- agent/remedy
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-5910
- alias/CVE-2024-9464
- alias/CVE-2024-9466
- agent/title
- agent/severity
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- alias/CVE-2024-9463
- alias/CVE-2024-9465
- agent/references
- agent/event
- agent/trending
- agent/epss
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/paloaltonetworks
- canonical/palo alto networks expedition
- version/palo alto networks expedition/1.2.0