CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2024-9463

CVSS 9.9v4.0pub. 2024-10-09upd. 2025-11-04

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

🤖 AI Analysis
How it works

An attacker without any authentication can send a specially crafted request to the vulnerable Expedition component, which improperly processes the input and passes it directly to the operating system command interpreter. As a result, arbitrary OS commands can be executed with root privilege level. The lack of user interaction requirement and the absence of authentication or special configuration requirements make this vulnerability exceptionally easy to exploit remotely.

Impact

The attacker gains full control over the Expedition system with root privileges, resulting in disclosure of usernames, passwords in cleartext, device configurations, and PAN-OS firewall API keys — which can consequently lead to takeover of managed network devices.

Mitigation & patch

Patches available from the vendor must be applied immediately in accordance with official advisory PAN-SA-2024-0010 (https://security.paloaltonetworks.com/PAN-SA-2024-0010). Until the update is applied, consider restricting network access to the Expedition interface only to trusted hosts and isolating the system from the production network.

Who is affected

Palo Alto Networks Expedition — versions indicated in vendor references (advisory PAN-SA-2024-0010)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Amber
  • Palo Alto Networks Expedition

    APP
    Paloaltonetworks
    1.2.0 – 1.2.96 (bez)

CISA KEV — detailsi

Vendori
Palo Alto Networks
Producti
Expedition
Added to KEVi
November 14, 2024
Remediation deadline (US Federal)i
December 5, 2024(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 5 grudnia 2024
Tags
Auth BypassFirewallCommand Injection
CWE
References

Related vulnerabilities

CVE-2024-9465CRITICAL9.2⚠ KEVPL ✓ten sam produkt

SQL Injection w Palo Alto Networks Expedition — dostęp do danych i plików

CVE-2024-5910CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Brak uwierzytelnienia w Palo Alto Networks Expedition — przejęcie konta admina

CVE-2025-0103CRITICAL9.2PL ✓ten sam produkt

SQL Injection w Palo Alto Networks Expedition — ujawnienie danych i odczyt plików

CVE-2024-9464CRITICAL9.3PL ✓ten sam produkt

OS command injection w Palo Alto Networks Expedition umożliwiający RCE jako root

CVE-2018-10143CRITICAL9.8ten sam produkt

The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker wit...