Vulnerability Analysis
Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure

CVE-2024-9463

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

CISA KEV Nuclei Template
CVSS Base Score: 9.9 (CRITICAL)
Exploitability: -
Impact Score: -
Temporal Score: -
EPSS: 98.42%

Threat Intelligence Signals

CISA KEV: YES
KEV Date Added: 2024-11-14
Ransomware Use: Unknown
KEV Due Date: 2024-12-05
VulnCheck In-the-Wild: No
Nuclei Template: YES
EPSS Score: 98.423%
EPSS Percentile: 99.9th pct
GitHub Severity: CRITICAL

Identity & Timeline

Status: -
Assigning Authority: -
CVSS Version / Source: -
Reserved: -
Published: -
Patch Date (date_public): -
Exploit DB Date: -
First GitHub PoC Date: -
Last Updated: -
Time to Patch (Days to fix): -
Exploit Release Gap: -
PoC Release Gap: -
Exploit DB References: None identified

Affected Products & Versions

Vendor Product Affected Versions
No affected products specified.

References

No reference links found.
