CVE-2024-9465: Palo Alto Networks Expedition SQL Injection Vulnerability
First published: Wed Oct 09 2024(Updated: )
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.
Credit: psirt@paloaltonetworks.com psirt@paloaltonetworks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Palo Alto Networks Expedition | ||
| Palo Alto Networks Expedition | >=1.2.0<1.2.96 |
Remedy
The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions. All Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition. All firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating.
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security.paloaltonetworks.com/PAN-SA-2024-0010
- https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/
- https://nvd.nist.gov/vuln/detail/CVE-2024-9465
- https://www.bleepingcomputer.com/news/security/cisa-warns-of-more-palo-alto-networks-bugs-exploited-in-attacks/
- https://www.theregister.com/2024/11/15/palo_alto_networks_firewall_zeroday/
Frequently Asked Questions
What is the severity of CVE-2024-9465?
CVE-2024-9465 is classified as a high-severity SQL injection vulnerability.
How do I fix CVE-2024-9465?
To fix CVE-2024-9465, upgrade Palo Alto Networks Expedition to version 1.2.96 or later.
What types of data are at risk due to CVE-2024-9465?
CVE-2024-9465 exposes sensitive data including password hashes, usernames, and device API keys.
Who is affected by CVE-2024-9465?
CVE-2024-9465 affects all versions of Palo Alto Networks Expedition from 1.2.0 up to 1.2.96.
Can an attacker exploit CVE-2024-9465 remotely?
Yes, CVE-2024-9465 can be exploited by unauthenticated attackers remotely.
- agent/type
- agent/first-publish-date
- agent/severity
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/remedy
- agent/description
- agent/softwarecombine
- agent/author
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-9463
- alias/CVE-2024-9465
- alias/CVE-2024-5910
- alias/CVE-2024-9464
- agent/last-modified-date
- collector/the-register
- source/The Register
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/trending
- agent/epss
- collector/epss-latest
- source/FIRST
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- vendor/palo alto networks
- canonical/palo alto networks expedition
- vendor/paloaltonetworks
- version/palo alto networks expedition/1.2.0