First published: Wed Oct 09 2024(Updated: )
Multiple vulnerabilities in Palo Alto Networks Expedition allow an attacker to read Expedition database contents and arbitrary files, as well as write arbitrary files to temporary storage locations on the Expedition system. Combined, these include information such as usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. These issues do not affect the firewalls, Panorama, Prisma Access, or Cloud NGFW.
Affected Software | Affected Version | How to fix |
---|---|---|
Palo Alto Networks Expedition | <1.2.96=unspecified | |
Palo Alto Networks Cloud NGFW | ||
Palo Alto Networks Panorama | ||
Palo Alto Networks PAN-OS | ||
Palo Alto Networks Prisma Access |
Ensure networks access to Expedition is restricted to authorized users, hosts, or networks. If Expedition is not in active use, ensure that Expedition software is shut down. For CVE-2024-9465, you can check for an indicator of compromise with the following command on an Expedition system (replace "root" with your username if you are using a different username): mysql -uroot -p -D pandb -e "SELECT * FROM cronjobs;" If you see any records returned, this indicates a potential compromise. Please note that if no records are returned, the system may still be compromised. This is only intended to indicate a potential compromise, rather than confirm a system has not been compromised. There are no practical indicators of compromise for the remainder of the CVEs in this advisory.
The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions. The cleartext file affected by CVE-2024-9466 will be removed automatically during the upgrade. All Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition. All firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.