⚠ Actively exploited
Added to CISA KEV on 2024-11-14. Federal agencies required to patch by 2024-12-05. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..
CVE-2024-9465 — SQL Injection in Palo Alto Networks Expedition
Severity
9.2CRITICALNVD
EPSS
94.3%
top 0.06%
CISA KEV
KEV
Added 2024-11-14
Due 2024-12-05
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedOct 9
KEV addedNov 14
KEV dueDec 5
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N
Affected Packages2 packages
🔴Vulnerability Details
3GHSA▶
GHSA-9f2c-45xq-c486: An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as pas↗2024-10-09
💥Exploits & PoCs
1Nuclei▶
Palo Alto Expedition - SQL Injection
🔍Detection Rules
1Suricata▶
ET WEB_SPECIFIC_APPS Palto Alto Expedition Unauthenticated SQL Injection in Checkpoint Config Parser (CVE-2024-9465)↗2024-10-10