CVE-2024-9465

Published Oct 9, 2024

Last updated 4 months ago

Exploit knownCVSS critical 9.2

Overview

Description
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.
Source
psirt@paloaltonetworks.com
NVD status
Analyzed
Products
expedition

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.2
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Amber
Severity
CRITICAL

CVSS 3.1

Type
Primary
Base score
9.1
Impact score
5.2
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Palo Alto Networks Expedition SQL Injection Vulnerability
Exploit added on
Nov 14, 2024
Exploit action due
Dec 5, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@paloaltonetworks.com
CWE-89
nvd@nist.gov
CWE-89

Social media

Hype score
Not currently trending

  1. Palo Alto 社の PAN-SA-2024-0010 にて公表された SQLi (CVE-2024-9465) の EPSS 値が大きく上昇しています。 ## CVE ID: CVE-2024-9465 | Date | EPSS | Percentile | |------------|--------|------------| | 2024-10-16 | 0.181470000 | 0.962860000 | | 2024-10-15 | 0.000500000 | 0.203390000 |… https://t.co/qFBYCrv4

    @springmoon6

    987 Impressions

    2 Retweets

    6 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @edhacktools

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @JonesAdakole

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @MarianaA89507

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @MarianaA89507

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @Darkweb_wirespy

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @_zea_hack

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @_zea_hack

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🔴 Palo Alto Networks Expedition, SQL Injection Vulnerability, #CVE-2024-9465 (Critical) https://t.co/6V5CU7aofs

    @dailycve

    7 Dec 2024

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🔴 Palo Alto Networks Expedition: Critical SQL Injection (#CVE-2024-9465) - Critical https://t.co/WMAv0Z4L9N

    @dailycve

    28 Nov 2024

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) | #HelpNetSecurity #CyberSecurity https://t.co/ZSldIcYzTc

    @imabit_inc

    28 Nov 2024

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Attention, CVE-2024-9465 has recently been classified as a CISA Known Exploited Vulnerability (KEV) related to Palo Alto Networks. Know more about it and act now to safeguard your organization: https://t.co/KJa4JH3uOg #KEV #CyberSecurity #CVE #VulnerabilityManagement #CISO http

    @attaxion

    21 Nov 2024

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2024-49039 is getting exploited #inthewild. Find out more at https://t.co/AJsoh7ru2y CVE-2024-4741 is getting exploited #inthewild. Find out more at https://t.co/UGfCxJVbNl CVE-2024-9465 is getting exploited #inthewild. Find out more at https://t.co/qeG2n7ew9k

    @inthewildio

    19 Nov 2024

    68 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CISA warns of actively exploited Palo Alto Networks Expedition flaws (CVE-2024-9463, CVE-2024-9465). Update by Dec 5th to avoid OS & SQL injection. #Cybersecurity #Palo https://t.co/6sUBpw0yr5

    @TLDRStories

    18 Nov 2024

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 10月に修正されたPalo Alto製移行ツール「Expedition」の5つの脆弱性の内「CVE-2024-9463」と「CVE-2024-9465」は悪用が確認されています。 これらの対応としては、アップデートだけでなく、処理されたユーザー名、パスワード、APIキーなどを変更する必要があるそうです。 https://t.co/u8eZHVKzVp

    @ntsuji

    18 Nov 2024

    2964 Impressions

    3 Retweets

    19 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  16. Palo Alto Networks ファイアウォール、Expedition が攻撃を受ける (CVE-2024-9463、CVE-2024-9465) Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) #HelpNetSecurity (Nov 15) https://t.co/5PXr6Ovxcb

    @foxbook

    17 Nov 2024

    211 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2024-9463 : CVSS v4 Score 9.9 Multiple Vulnerabilities in PaloAlto Expedition Lead to Exposure of Firewall Credentials. Includes: CVE-2024-9464,CVE-2024-9465, CVE-2024-9466,CVE-2024-9467 #PatchNOW #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #DataBreach

    @RuskovUnlock

    16 Nov 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Palo Alto Networks has confirmed that hackers are exploiting a critical zero-day vulnerability in its firewall products, identified as CVE-2024-9463 and CVE-2024-9465. These vulnerabilities enable remote code execution with a high severity score of 9.3. No patch is available yet,

    @XArthurDent

    15 Nov 2024

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) - Help Net Security https://t.co/0cMKoNId2M

    @TheCyberSecHub

    15 Nov 2024

    663 Impressions

    0 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    1 Quote

  20. CISA warns of more Palo Alto Networks bugs exploited in attacks: https://t.co/dRbHKsVIGP CISA has warned of two critical vulnerabilities in Palo Alto Networks' Expedition migration tool, CVE-2024-9463 (unauthenticated command injection) and CVE-2024-9465 (SQL injection), which…

    @securityRSS

    15 Nov 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Two critical #vulnerabilities discovered - CVE-2024-9463 & CVE-2024-9465. These affect systems running Expedition migration tool for Checkpoint & Cisco configurations. Risks include #CommandInjection & #SQLinjection attacks. https://t.co/KG0lXy4skZ

    @MalwarePatrol

    15 Nov 2024

    79 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. CVSS 9.9 Alert - Two critical vulnerabilities have been actively exploited in Palo Alto Networks Expedition. 🚨 CVE-2024-9463 (9.9) - OS command injection vulnerability 🚨 CVE-2024-9465 (9.2) - SQL injection vulnerability These flaws could allow attackers to gain unauthorized…

    @cytexsmb

    15 Nov 2024

    334 Impressions

    2 Retweets

    5 Likes

    1 Bookmark

    0 Replies

    3 Quotes

  23. .@CISACyber We added #PaloAltoNetworks Expedition vulnerabilities, CVE-2024-9463 & CVE-2024-9465 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/ueshM6Ecst & apply mitigations to protect your org from cyberattacks. #Cybersecurity #infosec

    @CEEKTechnology

    15 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. CISA adds Palo Alto flaws to KEV Catalog #PaloAlto #CVE-2024-9463 #CVE-2024-9465 https://t.co/GPcrbiBRSa

    @pravin_karthik

    15 Nov 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Vulnerabilità Expedition di Palo Alto Networks sfruttata attivamente Sicurezza Informatica, cisa, CVE-2024-9463, CVE-2024-9465, Expedition, Palo Alto Networks, vulnerabilità https://t.co/zfSdVCO2Hj https://t.co/6xARUpUMcs

    @matricedigitale

    15 Nov 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. CISA Flags Critical Exploits in Palo Alto Networks' Expedition with Public PoC Code Urgent warning about critical vulnerabilities in Palo Alto Networks Expedition: CVE-2024-9463 and CVE-2024-9465. Take action to protect your organization. https://t.co/e3jErK3lK8

    @the_yellow_fall

    15 Nov 2024

    5 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-9465 Palo Alto Networks #Expedition SQL Injection Vulnerability https://t.co/Vj8sukBQXu

    @ScyScan

    14 Nov 2024

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 🛡️ We added #PaloAltoNetworks Expedition vulnerabilities, CVE-2024-9463 & CVE-2024-9465 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/LKBPwYykh

    @CISACyber

    14 Nov 2024

    5848 Impressions

    39 Retweets

    57 Likes

    6 Bookmarks

    3 Replies

    3 Quotes

  29. 🚨 5:35 AM exploit session in progress📷 #CVE-2024-9465 hits Palo Alto's Expedition with unauth SQL injection, exposing password hashes, usernames & more. Find vuln networks: SHODAN: http.favicon.hash:1499876150 https://t.co/ovdVAnhdGZ

    @Yetmez1526

    3 Nov 2024

    5 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.CVE-2025-0107
  2. An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system.CVE-2025-0103
  3. A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem.CVE-2025-0106
  4. An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.CVE-2025-0105
  5. A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browser if that authenticated user clicks a malicious link that allows phishing attacks and could lead to Expedition browser-session theft.CVE-2025-0104

References

Sources include official advisories and independent security research.