CVE-2024-9463

Published Oct 9, 2024

Last updated 2 months ago

Exploit knownCVSS critical 9.9

Insights

Analysis from the Intruder Security Team
Published Oct 15, 2024

Following Palo Alto's announcement of several vulnerabilities in their configuration generation tool Expedition, Horizon released a technical breakdown. In addition to this, watchTowr also released a proof of concept for CVE-2024-9463.

These vulnerabilities are trivial to exploit pose a significant risk to Expedition, whether you expose this to the internet or not.

While this software is not commonly exposed to the internet, a significant risk still remains where an attacker can access the device from the same network as Expedition.

Overview

Description
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
Source
psirt@paloaltonetworks.com
NVD status
Analyzed

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.9
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Amber
Severity
CRITICAL

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Palo Alto Networks Expedition OS Command Injection Vulnerability
Exploit added on
Nov 14, 2024
Exploit action due
Dec 5, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
CWE-78
psirt@paloaltonetworks.com
CWE-78

Social media

Hype score
Not currently trending

  1. Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) | #HelpNetSecurity #CyberSecurity https://t.co/ZSldIcYzTc

    @imabit_inc

    28 Nov 2024

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Actively exploited CVE : CVE-2024-9463

    @transilienceai

    21 Nov 2024

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. CVE-2024-1212 is getting exploited #inthewild. Find out more at https://t.co/CJXwYDWUv3 CVE-2024-9463 is getting exploited #inthewild. Find out more at https://t.co/1tb5ZXWUiM

    @inthewildio

    19 Nov 2024

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-9463 is getting exploited #inthewild. Find out more at https://t.co/1tb5ZXWUiM CVE-2024-9474 is getting exploited #inthewild. Find out more at https://t.co/4mYMUZJast CVE-2024-0012 is getting exploited #inthewild. Find out more at https://t.co/QEsNwNF3YH

    @inthewildio

    19 Nov 2024

    119 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CISA warns of actively exploited Palo Alto Networks Expedition flaws (CVE-2024-9463, CVE-2024-9465). Update by Dec 5th to avoid OS & SQL injection. #Cybersecurity #Palo https://t.co/6sUBpw0yr5

    @TLDRStories

    18 Nov 2024

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 10月に修正されたPalo Alto製移行ツール「Expedition」の5つの脆弱性の内「CVE-2024-9463」と「CVE-2024-9465」は悪用が確認されています。 これらの対応としては、アップデートだけでなく、処理されたユーザー名、パスワード、APIキーなどを変更する必要があるそうです。 https://t.co/u8eZHVKzVp

    @ntsuji

    18 Nov 2024

    2964 Impressions

    3 Retweets

    19 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  7. Palo Alto Networks ファイアウォール、Expedition が攻撃を受ける (CVE-2024-9463、CVE-2024-9465) Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) #HelpNetSecurity (Nov 15) https://t.co/5PXr6Ovxcb

    @foxbook

    17 Nov 2024

    211 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. PAN-OS Expedition-da “Autentifikasiyasız əmr yerinə yetirmə” (Unauthenticated Command Injection) boşluğu (CVE-2024-9463) aşkar olunub. #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/8X2YyKTT7I

    @CERTAzerbaijan

    17 Nov 2024

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @cyberpuck01

    16 Nov 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 Critical RCE Vulnerability in Palo Alto Networks Expedition (#CVE-2024-9463) https://t.co/XannDvEJmr

    @UndercodeNews

    16 Nov 2024

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Palo Alto Networks has confirmed that hackers are exploiting a critical zero-day vulnerability in its firewall products, identified as CVE-2024-9463 and CVE-2024-9465. These vulnerabilities enable remote code execution with a high severity score of 9.3. No patch is available yet,

    @XArthurDent

    15 Nov 2024

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) - Help Net Security https://t.co/0cMKoNId2M

    @TheCyberSecHub

    15 Nov 2024

    663 Impressions

    0 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    1 Quote

  13. CISA warns of more Palo Alto Networks bugs exploited in attacks: https://t.co/dRbHKsVIGP CISA has warned of two critical vulnerabilities in Palo Alto Networks' Expedition migration tool, CVE-2024-9463 (unauthenticated command injection) and CVE-2024-9465 (SQL injection), which…

    @securityRSS

    15 Nov 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Two critical #vulnerabilities discovered - CVE-2024-9463 & CVE-2024-9465. These affect systems running Expedition migration tool for Checkpoint & Cisco configurations. Risks include #CommandInjection & #SQLinjection attacks. https://t.co/KG0lXy4skZ

    @MalwarePatrol

    15 Nov 2024

    79 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVSS 9.9 Alert - Two critical vulnerabilities have been actively exploited in Palo Alto Networks Expedition. 🚨 CVE-2024-9463 (9.9) - OS command injection vulnerability 🚨 CVE-2024-9465 (9.2) - SQL injection vulnerability These flaws could allow attackers to gain unauthorized…

    @cytexsmb

    15 Nov 2024

    334 Impressions

    2 Retweets

    5 Likes

    1 Bookmark

    0 Replies

    3 Quotes

  16. .@CISACyber We added #PaloAltoNetworks Expedition vulnerabilities, CVE-2024-9463 & CVE-2024-9465 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/ueshM6Ecst & apply mitigations to protect your org from cyberattacks. #Cybersecurity #infosec

    @CEEKTechnology

    15 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CISA adds Palo Alto flaws to KEV Catalog #PaloAlto #CVE-2024-9463 #CVE-2024-9465 https://t.co/GPcrbiBRSa

    @pravin_karthik

    15 Nov 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Vulnerabilità Expedition di Palo Alto Networks sfruttata attivamente Sicurezza Informatica, cisa, CVE-2024-9463, CVE-2024-9465, Expedition, Palo Alto Networks, vulnerabilità https://t.co/zfSdVCO2Hj https://t.co/6xARUpUMcs

    @matricedigitale

    15 Nov 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨 CVE Alert: Palo Alto Networks Expedition OS Command Injection Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2024-9463 (CVSS 9.9/10) Palo Alto Networks Expedition OS Command Injection Vulnerability Impact A Successful exploit may allows an unauthenticated…

    @CyberxtronTech

    15 Nov 2024

    58 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  20. CISA Flags Critical Exploits in Palo Alto Networks' Expedition with Public PoC Code Urgent warning about critical vulnerabilities in Palo Alto Networks Expedition: CVE-2024-9463 and CVE-2024-9465. Take action to protect your organization. https://t.co/e3jErK3lK8

    @the_yellow_fall

    15 Nov 2024

    5 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-9463 Palo Alto Networks #Expedition OS Command Injection Vulnerability https://t.co/n18RFcXenB

    @ScyScan

    14 Nov 2024

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🛡️ We added #PaloAltoNetworks Expedition vulnerabilities, CVE-2024-9463 & CVE-2024-9465 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/LKBPwYykh

    @CISACyber

    14 Nov 2024

    5848 Impressions

    39 Retweets

    57 Likes

    6 Bookmarks

    3 Replies

    3 Quotes

  23. Actively exploited CVE : CVE-2024-9463

    @transilienceai

    23 Oct 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  24. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @edhacktools

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @_zea_hack

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @Darkweb_wirespy

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @MarianaA89507

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @MarianaA89507

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @_zea_hack

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @JonesAdakole

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References