Vulnerability Analysis
Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure
CVE-2024-9463
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
CVSS Base Score
| Metric | Value |
|---|---|
| CVSS Base Score | 9.9 (CRITICAL) |
| Exploitability | - |
| Impact Score | - |
| Temporal Score | - |
| EPSS | 98.42% |
Threat Intelligence Signals
| Signal | Value |
|---|---|
| CISA KEV | YES |
| KEV Date Added | 2024-11-14 |
| Ransomware Use | Unknown |
| KEV Due Date | 2024-12-05 |
| VulnCheck In-the-Wild | No |
| Nuclei Template | YES |
| EPSS Score | 98.423% |
| EPSS Percentile | 99.9th pct |
| GHSA ID | - |
| GitHub Severity | CRITICAL |
Identity & Timeline
| Field | Value |
|---|---|
| Status | - |
| Assigning Authority | - |
| CVSS Version / Source | - |
| Reserved | - |
| Published | - |
| Patch Date (date_public) | - |
| Exploit DB Date | - |
| First GitHub PoC Date | - |
| Last Updated | - |
| Time to Patch (Days to fix) | - |
| Exploit Release Gap | - |
| PoC Release Gap | - |
| Exploit DB References | None identified |
Affected Products & Versions
| Vendor | Product | Affected Versions |
|---|---|---|
| No affected products specified. | - | - |