CVE-2024-9465

Warnung

Exploit

EPSS 94.24%
Veröffentlicht 09.10.2024 17:15:20
Zuletzt bearbeitet 04.11.2025 16:49:01
Quelle psirt@paloaltonetworks.com
CVE-Watchlists
Login
Unerledigt
Login

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Paloaltonetworks ≫ Expedition Version >= 1.2.0 < 1.2.96

14.11.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Palo Alto Networks Expedition SQL Injection Vulnerability

Schwachstelle

Palo Alto Networks Expedition contains a SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.24%	0.999

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
psirt@paloaltonetworks.com	9.2	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Amber

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

https://security.paloaltonetworks.com/PAN-SA-2024-0010

Vendor Advisory

Mitigation

https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/

Exploit

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9465

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2024-9465

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-9465

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-9465

EUVD