CVE-2024-9463

Published Oct 9, 2024

Last updated 7 months ago

Exploit knownCVSS critical 9.9

Overview

Description
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
Source
psirt@paloaltonetworks.com
NVD status
Analyzed

Insights

Analysis from the Intruder Security Team
Published Oct 15, 2024

Following Palo Alto's announcement of several vulnerabilities in their configuration generation tool Expedition, Horizon released a technical breakdown. In addition to this, watchTowr also released a proof of concept for CVE-2024-9463.

These vulnerabilities are trivial to exploit pose a significant risk to Expedition, whether you expose this to the internet or not.

While this software is not commonly exposed to the internet, a significant risk still remains where an attacker can access the device from the same network as Expedition.

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.9
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Amber
Severity
CRITICAL

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Palo Alto Networks Expedition OS Command Injection Vulnerability
Exploit added on
Nov 14, 2024
Exploit action due
Dec 5, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
CWE-78
psirt@paloaltonetworks.com
CWE-78

Social media

Hype score
Not currently trending

  1. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @edhacktools

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @JonesAdakole

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @MarianaA89507

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @MarianaA89507

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @Darkweb_wirespy

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @_zea_hack

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @_zea_hack

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2024-9463 Firewall in Palo Alto Networks Many Palo Alto firewalls are being attacked as you read this article. There’s a new vulnerability that leads to the takeover of firewall admin accounts, and the sensitive information such as usernames, cleartext passwords, and API htt

    @PPHM_HackerNews

    28 Mar 2025

    77 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) | #HelpNetSecurity #CyberSecurity https://t.co/ZSldIcYzTc

    @imabit_inc

    28 Nov 2024

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Actively exploited CVE : CVE-2024-9463

    @transilienceai

    21 Nov 2024

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. CVE-2024-1212 is getting exploited #inthewild. Find out more at https://t.co/CJXwYDWUv3 CVE-2024-9463 is getting exploited #inthewild. Find out more at https://t.co/1tb5ZXWUiM

    @inthewildio

    19 Nov 2024

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CVE-2024-9463 is getting exploited #inthewild. Find out more at https://t.co/1tb5ZXWUiM CVE-2024-9474 is getting exploited #inthewild. Find out more at https://t.co/4mYMUZJast CVE-2024-0012 is getting exploited #inthewild. Find out more at https://t.co/QEsNwNF3YH

    @inthewildio

    19 Nov 2024

    119 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CISA warns of actively exploited Palo Alto Networks Expedition flaws (CVE-2024-9463, CVE-2024-9465). Update by Dec 5th to avoid OS & SQL injection. #Cybersecurity #Palo https://t.co/6sUBpw0yr5

    @TLDRStories

    18 Nov 2024

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 10月に修正されたPalo Alto製移行ツール「Expedition」の5つの脆弱性の内「CVE-2024-9463」と「CVE-2024-9465」は悪用が確認されています。 これらの対応としては、アップデートだけでなく、処理されたユーザー名、パスワード、APIキーなどを変更する必要があるそうです。 https://t.co/u8eZHVKzVp

    @ntsuji

    18 Nov 2024

    2964 Impressions

    3 Retweets

    19 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  15. Palo Alto Networks ファイアウォール、Expedition が攻撃を受ける (CVE-2024-9463、CVE-2024-9465) Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) #HelpNetSecurity (Nov 15) https://t.co/5PXr6Ovxcb

    @foxbook

    17 Nov 2024

    211 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. PAN-OS Expedition-da “Autentifikasiyasız əmr yerinə yetirmə” (Unauthenticated Command Injection) boşluğu (CVE-2024-9463) aşkar olunub. #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/8X2YyKTT7I

    @CERTAzerbaijan

    17 Nov 2024

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @RuskovUnlock

    16 Nov 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 Critical RCE Vulnerability in Palo Alto Networks Expedition (#CVE-2024-9463) https://t.co/XannDvEJmr

    @UndercodeNews

    16 Nov 2024

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Palo Alto Networks has confirmed that hackers are exploiting a critical zero-day vulnerability in its firewall products, identified as CVE-2024-9463 and CVE-2024-9465. These vulnerabilities enable remote code execution with a high severity score of 9.3. No patch is available yet,

    @XArthurDent

    15 Nov 2024

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) - Help Net Security https://t.co/0cMKoNId2M

    @TheCyberSecHub

    15 Nov 2024

    663 Impressions

    0 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    1 Quote

  21. CISA warns of more Palo Alto Networks bugs exploited in attacks: https://t.co/dRbHKsVIGP CISA has warned of two critical vulnerabilities in Palo Alto Networks' Expedition migration tool, CVE-2024-9463 (unauthenticated command injection) and CVE-2024-9465 (SQL injection), which…

    @securityRSS

    15 Nov 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Two critical #vulnerabilities discovered - CVE-2024-9463 & CVE-2024-9465. These affect systems running Expedition migration tool for Checkpoint & Cisco configurations. Risks include #CommandInjection & #SQLinjection attacks. https://t.co/KG0lXy4skZ

    @MalwarePatrol

    15 Nov 2024

    79 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. CVSS 9.9 Alert - Two critical vulnerabilities have been actively exploited in Palo Alto Networks Expedition. 🚨 CVE-2024-9463 (9.9) - OS command injection vulnerability 🚨 CVE-2024-9465 (9.2) - SQL injection vulnerability These flaws could allow attackers to gain unauthorized…

    @cytexsmb

    15 Nov 2024

    334 Impressions

    2 Retweets

    5 Likes

    1 Bookmark

    0 Replies

    3 Quotes

  24. .@CISACyber We added #PaloAltoNetworks Expedition vulnerabilities, CVE-2024-9463 & CVE-2024-9465 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/ueshM6Ecst & apply mitigations to protect your org from cyberattacks. #Cybersecurity #infosec

    @CEEKTechnology

    15 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. CISA adds Palo Alto flaws to KEV Catalog #PaloAlto #CVE-2024-9463 #CVE-2024-9465 https://t.co/GPcrbiBRSa

    @pravin_karthik

    15 Nov 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Vulnerabilità Expedition di Palo Alto Networks sfruttata attivamente Sicurezza Informatica, cisa, CVE-2024-9463, CVE-2024-9465, Expedition, Palo Alto Networks, vulnerabilità https://t.co/zfSdVCO2Hj https://t.co/6xARUpUMcs

    @matricedigitale

    15 Nov 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. 🚨 CVE Alert: Palo Alto Networks Expedition OS Command Injection Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2024-9463 (CVSS 9.9/10) Palo Alto Networks Expedition OS Command Injection Vulnerability Impact A Successful exploit may allows an unauthenticated…

    @CyberxtronTech

    15 Nov 2024

    58 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  28. CISA Flags Critical Exploits in Palo Alto Networks' Expedition with Public PoC Code Urgent warning about critical vulnerabilities in Palo Alto Networks Expedition: CVE-2024-9463 and CVE-2024-9465. Take action to protect your organization. https://t.co/e3jErK3lK8

    @the_yellow_fall

    15 Nov 2024

    5 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-9463 Palo Alto Networks #Expedition OS Command Injection Vulnerability https://t.co/n18RFcXenB

    @ScyScan

    14 Nov 2024

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 🛡️ We added #PaloAltoNetworks Expedition vulnerabilities, CVE-2024-9463 & CVE-2024-9465 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/LKBPwYykh

    @CISACyber

    14 Nov 2024

    5848 Impressions

    39 Retweets

    57 Likes

    6 Bookmarks

    3 Replies

    3 Quotes

  31. Actively exploited CVE : CVE-2024-9463

    @transilienceai

    23 Oct 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.