← volver
CVE-2024-9464

Expedition: Authenticated OS Command Injection Vulnerability Leads to Firewall Admin Credential Disclosure

CVSS 9.3 CRITICALEPSS 81.7%CWE-78
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber
Productos afectados
Palo Alto Networks · Expedition
PoCs públicas encontradas2
githubgithub.com/horizon3ai/CVE-2024-946444cve_referencewww.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://security.paloaltonetworks.com/PAN-SA-2024-0010https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/