CVE-2024-9465

Published Oct 9, 2024

Last updated 2 days ago

Exploit knownCVSS critical 9.2

Insights

Analysis from the Intruder Security Team
Published Oct 15, 2024

Following Palo Alto's announcement of several vulnerabilities in their configuration generation tool Expedition, Horizon released a technical breakdown. In addition to this, watchTowr also released a proof of concept for CVE-2024-9463.

These vulnerabilities are trivial to exploit pose a significant risk to Expedition, whether you expose this to the internet or not.

While this software is not commonly exposed to the internet, a significant risk still remains where an attacker can access the device from the same network as Expedition.

Overview

Description
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.
Source
psirt@paloaltonetworks.com
NVD status
Analyzed

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.2
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Amber
Severity
CRITICAL

CVSS 3.1

Type
Primary
Base score
9.1
Impact score
5.2
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Palo Alto Networks Expedition SQL Injection Vulnerability
Exploit added on
Nov 14, 2024
Exploit action due
Dec 5, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
CWE-89
psirt@paloaltonetworks.com
CWE-89

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @cyberpuck01

    16 Nov 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Palo Alto Networks has confirmed that hackers are exploiting a critical zero-day vulnerability in its firewall products, identified as CVE-2024-9463 and CVE-2024-9465. These vulnerabilities enable remote code execution with a high severity score of 9.3. No patch is available yet,

    @XArthurDent

    15 Nov 2024

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) - Help Net Security https://t.co/0cMKoNId2M

    @TheCyberSecHub

    15 Nov 2024

    663 Impressions

    0 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    1 Quote

  4. CISA warns of more Palo Alto Networks bugs exploited in attacks: https://t.co/dRbHKsVIGP CISA has warned of two critical vulnerabilities in Palo Alto Networks' Expedition migration tool, CVE-2024-9463 (unauthenticated command injection) and CVE-2024-9465 (SQL injection), which…

    @securityRSS

    15 Nov 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Two critical #vulnerabilities discovered - CVE-2024-9463 & CVE-2024-9465. These affect systems running Expedition migration tool for Checkpoint & Cisco configurations. Risks include #CommandInjection & #SQLinjection attacks. https://t.co/KG0lXy4skZ

    @MalwarePatrol

    15 Nov 2024

    79 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVSS 9.9 Alert - Two critical vulnerabilities have been actively exploited in Palo Alto Networks Expedition. 🚨 CVE-2024-9463 (9.9) - OS command injection vulnerability 🚨 CVE-2024-9465 (9.2) - SQL injection vulnerability These flaws could allow attackers to gain unauthorized…

    @cytexsmb

    15 Nov 2024

    334 Impressions

    2 Retweets

    5 Likes

    1 Bookmark

    0 Replies

    3 Quotes

  7. .@CISACyber We added #PaloAltoNetworks Expedition vulnerabilities, CVE-2024-9463 & CVE-2024-9465 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/ueshM6Ecst & apply mitigations to protect your org from cyberattacks. #Cybersecurity #infosec

    @CEEKTechnology

    15 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CISA adds Palo Alto flaws to KEV Catalog #PaloAlto #CVE-2024-9463 #CVE-2024-9465 https://t.co/GPcrbiBRSa

    @pravin_karthik

    15 Nov 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Vulnerabilità Expedition di Palo Alto Networks sfruttata attivamente Sicurezza Informatica, cisa, CVE-2024-9463, CVE-2024-9465, Expedition, Palo Alto Networks, vulnerabilità https://t.co/zfSdVCO2Hj https://t.co/6xARUpUMcs

    @matricedigitale

    15 Nov 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CISA Flags Critical Exploits in Palo Alto Networks' Expedition with Public PoC Code Urgent warning about critical vulnerabilities in Palo Alto Networks Expedition: CVE-2024-9463 and CVE-2024-9465. Take action to protect your organization. https://t.co/e3jErK3lK8

    @the_yellow_fall

    15 Nov 2024

    5 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-9465 Palo Alto Networks #Expedition SQL Injection Vulnerability https://t.co/Vj8sukBQXu

    @ScyScan

    14 Nov 2024

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🛡️ We added #PaloAltoNetworks Expedition vulnerabilities, CVE-2024-9463 & CVE-2024-9465 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/LKBPwYykh

    @CISACyber

    14 Nov 2024

    5848 Impressions

    39 Retweets

    57 Likes

    6 Bookmarks

    3 Replies

    3 Quotes

  13. 🚨 5:35 AM exploit session in progress📷 #CVE-2024-9465 hits Palo Alto's Expedition with unauth SQL injection, exposing password hashes, usernames & more. Find vuln networks: SHODAN: http.favicon.hash:1499876150 https://t.co/ovdVAnhdGZ

    @Yetmez1526

    3 Nov 2024

    5 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @_zea_hack

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @_zea_hack

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @Darkweb_wirespy

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @MarianaA89507

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @MarianaA89507

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @JonesAdakole

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Palo Alto 社の PAN-SA-2024-0010 にて公表された SQLi (CVE-2024-9465) の EPSS 値が大きく上昇しています。 ## CVE ID: CVE-2024-9465 | Date | EPSS | Percentile | |------------|--------|------------| | 2024-10-16 | 0.181470000 | 0.962860000 | | 2024-10-15 | 0.000500000 | 0.203390000 |… https://t.co/qFBYCrv4

    @springmoon6

    987 Impressions

    2 Retweets

    6 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  21. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @edhacktools

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References