⚠ Actively exploited

Added to CISA KEV on 2024-11-14. Federal agencies required to patch by 2024-12-05. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..

CVE-2024-9463 — OS Command Injection in Palo Alto Networks Expedition

CWE-78 — OS Command Injection13 documents10 sources

Severity

9.9CRITICALNVD

EPSS

94.2%

top 0.08%

CISA KEV

KEV

Added 2024-11-14

Due 2024-12-05

Exploit

Exploited in wild

Active exploitation observed

Affected products

Palo Alto Networks Expedition Paloaltonetworks Expedition

Timeline

PublishedOct 9

KEV addedNov 14

Latest updateNov 19

KEV dueDec 5

CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N

Affected Packages2 packages

▶NVDpaloaltonetworks/expedition1.2.0 — 1.2.96

▶CVEListV5palo_alto_networks/expedition1.2.0 — 1.2.96

🔴Vulnerability Details

CVEList

Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure↗2024-10-09

▶

GHSA

GHSA-r2fh-mj7f-v33r: An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expe↗2024-10-09

▶

VulnCheck

Palo Alto Networks Expedition OS Command Injection Vulnerability↗2024

▶

💥Exploits & PoCs

Nuclei

PaloAlto Networks Expedition - Remote Code Execution

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Palo Alto Expedition Remote Code Execution (CVE-2024-9463)↗2024-11-19

▶

📋Vendor Advisories

CISA

Palo Alto Networks Expedition OS Command Injection Vulnerability↗2024-11-14

▶

🕵️Threat Intelligence

Bleepingcomputer

CISA warns of more Palo Alto Networks bugs exploited in attacks↗2024-11-14

▶

Wiz

Crying Out Cloud - November 2024 Newsletter | Wiz↗2024-11-01

▶

Wiz

3 Critical CVEs in Palo Alto Networks Expedition | Wiz Blog↗2024-10-10

▶

Wiz

3 Critical CVEs in Palo Alto Networks Expedition | Wiz Blog↗2024-10-10

▶

Bleepingcomputer

Palo Alto Networks warns of firewall hijack bugs with public exploit↗2024-10-09

▶