An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:AmberPalo Alto Networks Expedition
APPPaloaltonetworks1.2.0 – 1.2.96 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
FirewallCommand Injection
Related vulnerabilities
CVE-2024-9463CRITICAL9.9⚠ KEVPL ✓ten sam produkt
Command injection w Palo Alto Networks Expedition — nieautoryzowane RCE jako root
CVE-2024-9465CRITICAL9.2⚠ KEVPL ✓ten sam produkt
SQL Injection w Palo Alto Networks Expedition — dostęp do danych i plików
CVE-2024-5910CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Brak uwierzytelnienia w Palo Alto Networks Expedition — przejęcie konta admina
CVE-2025-0103CRITICAL9.2PL ✓ten sam produkt
SQL Injection w Palo Alto Networks Expedition — ujawnienie danych i odczyt plików
CVE-2018-10143CRITICAL9.8ten sam produkt
The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker wit...