Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-9464: OS Command Injection in Palo Alto Networks Expedition

CWE-78: OS Command Injection | 12 documents | 7 sources
Severity: 9.3 CRITICAL (NVD)
EPSS: 85.3% (top 0.63%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Oct 9; latest update Nov 14

Description

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N

Affected Packages (2 packages)

NVD | paloaltonetworks/expedition | 1.2.0 | 1.2.96
CVEListV5 | palo_alto_networks/expedition | 1.2.0 | 1.2.96

🔴 Vulnerability Details (2)

CVEList | Expedition: Authenticated OS Command Injection Vulnerability Leads to Firewall Admin Credential Disclosure | 2024-10-09
GHSA | GHSA-r7wf-fpff-w68q: An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedi | 2024-10-09

💥 Exploits & PoCs (1)

Metasploit | Palo Alto Expedition Remote Code Execution (CVE-2024-5910 and CVE-2024-9464)

🔍 Detection Rules (1)

Suricata | ET WEB_SPECIFIC_APPS Palo Alto Expedition Authenticated Command Injection via Cronjobs (CVE-2024-9464) | 2024-10-10

🕵️ Threat Intelligence (7)

Bleepingcomputer | CISA warns of more Palo Alto Networks bugs exploited in attacks | 2024-11-14
Bleepingcomputer | Palo Alto Networks warns of potential PAN-OS RCE vulnerability | 2024-11-08
Bleepingcomputer | CISA warns of critical Palo Alto Networks bug exploited in attacks | 2024-11-07
Wiz | Crying Out Cloud - November 2024 Newsletter | Wiz | 2024-11-01
Wiz | 3 Critical CVEs in Palo Alto Networks Expedition | Wiz Blog | 2024-10-10