CVE-2024-9465

Published Oct 9, 2024

Last updated 2 months ago

Exploit knownCVSS critical 9.2

Insights

Analysis from the Intruder Security Team
Published Oct 15, 2024

Following Palo Alto's announcement of several vulnerabilities in their configuration generation tool Expedition, Horizon released a technical breakdown. In addition to this, watchTowr also released a proof of concept for CVE-2024-9463.

These vulnerabilities are trivial to exploit pose a significant risk to Expedition, whether you expose this to the internet or not.

While this software is not commonly exposed to the internet, a significant risk still remains where an attacker can access the device from the same network as Expedition.

Overview

Description
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.
Source
psirt@paloaltonetworks.com
NVD status
Analyzed

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.2
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Amber
Severity
CRITICAL

CVSS 3.1

Type
Primary
Base score
9.1
Impact score
5.2
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Palo Alto Networks Expedition SQL Injection Vulnerability
Exploit added on
Nov 14, 2024
Exploit action due
Dec 5, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
CWE-89
psirt@paloaltonetworks.com
CWE-89

Social media

Hype score
Not currently trending

  1. 🔴 Palo Alto Networks Expedition, SQL Injection Vulnerability, #CVE-2024-9465 (Critical) https://t.co/6V5CU7aofs

    @dailycve

    7 Dec 2024

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🔴 Palo Alto Networks Expedition: Critical SQL Injection (#CVE-2024-9465) - Critical https://t.co/WMAv0Z4L9N

    @dailycve

    28 Nov 2024

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) | #HelpNetSecurity #CyberSecurity https://t.co/ZSldIcYzTc

    @imabit_inc

    28 Nov 2024

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Attention, CVE-2024-9465 has recently been classified as a CISA Known Exploited Vulnerability (KEV) related to Palo Alto Networks. Know more about it and act now to safeguard your organization: https://t.co/KJa4JH3uOg #KEV #CyberSecurity #CVE #VulnerabilityManagement #CISO http

    @attaxion

    21 Nov 2024

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-49039 is getting exploited #inthewild. Find out more at https://t.co/AJsoh7ru2y CVE-2024-4741 is getting exploited #inthewild. Find out more at https://t.co/UGfCxJVbNl CVE-2024-9465 is getting exploited #inthewild. Find out more at https://t.co/qeG2n7ew9k

    @inthewildio

    19 Nov 2024

    68 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CISA warns of actively exploited Palo Alto Networks Expedition flaws (CVE-2024-9463, CVE-2024-9465). Update by Dec 5th to avoid OS & SQL injection. #Cybersecurity #Palo https://t.co/6sUBpw0yr5

    @TLDRStories

    18 Nov 2024

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 10月に修正されたPalo Alto製移行ツール「Expedition」の5つの脆弱性の内「CVE-2024-9463」と「CVE-2024-9465」は悪用が確認されています。 これらの対応としては、アップデートだけでなく、処理されたユーザー名、パスワード、APIキーなどを変更する必要があるそうです。 https://t.co/u8eZHVKzVp

    @ntsuji

    18 Nov 2024

    2964 Impressions

    3 Retweets

    19 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  8. Palo Alto Networks ファイアウォール、Expedition が攻撃を受ける (CVE-2024-9463、CVE-2024-9465) Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) #HelpNetSecurity (Nov 15) https://t.co/5PXr6Ovxcb

    @foxbook

    17 Nov 2024

    211 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @cyberpuck01

    16 Nov 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Palo Alto Networks has confirmed that hackers are exploiting a critical zero-day vulnerability in its firewall products, identified as CVE-2024-9463 and CVE-2024-9465. These vulnerabilities enable remote code execution with a high severity score of 9.3. No patch is available yet,

    @XArthurDent

    15 Nov 2024

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) - Help Net Security https://t.co/0cMKoNId2M

    @TheCyberSecHub

    15 Nov 2024

    663 Impressions

    0 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    1 Quote

  12. CISA warns of more Palo Alto Networks bugs exploited in attacks: https://t.co/dRbHKsVIGP CISA has warned of two critical vulnerabilities in Palo Alto Networks' Expedition migration tool, CVE-2024-9463 (unauthenticated command injection) and CVE-2024-9465 (SQL injection), which…

    @securityRSS

    15 Nov 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Two critical #vulnerabilities discovered - CVE-2024-9463 & CVE-2024-9465. These affect systems running Expedition migration tool for Checkpoint & Cisco configurations. Risks include #CommandInjection & #SQLinjection attacks. https://t.co/KG0lXy4skZ

    @MalwarePatrol

    15 Nov 2024

    79 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVSS 9.9 Alert - Two critical vulnerabilities have been actively exploited in Palo Alto Networks Expedition. 🚨 CVE-2024-9463 (9.9) - OS command injection vulnerability 🚨 CVE-2024-9465 (9.2) - SQL injection vulnerability These flaws could allow attackers to gain unauthorized…

    @cytexsmb

    15 Nov 2024

    334 Impressions

    2 Retweets

    5 Likes

    1 Bookmark

    0 Replies

    3 Quotes

  15. .@CISACyber We added #PaloAltoNetworks Expedition vulnerabilities, CVE-2024-9463 & CVE-2024-9465 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/ueshM6Ecst & apply mitigations to protect your org from cyberattacks. #Cybersecurity #infosec

    @CEEKTechnology

    15 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CISA adds Palo Alto flaws to KEV Catalog #PaloAlto #CVE-2024-9463 #CVE-2024-9465 https://t.co/GPcrbiBRSa

    @pravin_karthik

    15 Nov 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Vulnerabilità Expedition di Palo Alto Networks sfruttata attivamente Sicurezza Informatica, cisa, CVE-2024-9463, CVE-2024-9465, Expedition, Palo Alto Networks, vulnerabilità https://t.co/zfSdVCO2Hj https://t.co/6xARUpUMcs

    @matricedigitale

    15 Nov 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. CISA Flags Critical Exploits in Palo Alto Networks' Expedition with Public PoC Code Urgent warning about critical vulnerabilities in Palo Alto Networks Expedition: CVE-2024-9463 and CVE-2024-9465. Take action to protect your organization. https://t.co/e3jErK3lK8

    @the_yellow_fall

    15 Nov 2024

    5 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-9465 Palo Alto Networks #Expedition SQL Injection Vulnerability https://t.co/Vj8sukBQXu

    @ScyScan

    14 Nov 2024

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 🛡️ We added #PaloAltoNetworks Expedition vulnerabilities, CVE-2024-9463 & CVE-2024-9465 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/LKBPwYykh

    @CISACyber

    14 Nov 2024

    5848 Impressions

    39 Retweets

    57 Likes

    6 Bookmarks

    3 Replies

    3 Quotes

  21. 🚨 5:35 AM exploit session in progress📷 #CVE-2024-9465 hits Palo Alto's Expedition with unauth SQL injection, exposing password hashes, usernames & more. Find vuln networks: SHODAN: http.favicon.hash:1499876150 https://t.co/ovdVAnhdGZ

    @Yetmez1526

    3 Nov 2024

    5 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @Darkweb_wirespy

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @MarianaA89507

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @MarianaA89507

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @JonesAdakole

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Palo Alto 社の PAN-SA-2024-0010 にて公表された SQLi (CVE-2024-9465) の EPSS 値が大きく上昇しています。 ## CVE ID: CVE-2024-9465 | Date | EPSS | Percentile | |------------|--------|------------| | 2024-10-16 | 0.181470000 | 0.962860000 | | 2024-10-15 | 0.000500000 | 0.203390000 |… https://t.co/qFBYCrv4

    @springmoon6

    987 Impressions

    2 Retweets

    6 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  27. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @edhacktools

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @_zea_hack

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @_zea_hack

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References