CVERadar

CVE-2024-9465

Severity: Critical
Vendor: Paloaltonetworks
SVRS: 82/100
CVSSv3: 9.1/10
EPSS: 0.94244/1

CVE-2024-9465 is a critical SQL injection vulnerability affecting Palo Alto Networks Expedition. This flaw enables an unauthenticated attacker to reveal sensitive data stored within the Expedition database.

The exposed data includes password hashes, usernames, device configurations, and device API keys, potentially leading to significant security breaches. Furthermore, attackers can exploit this vulnerability to create and read arbitrary files on the Expedition system, extending their control over the affected system. The SOCRadar Vulnerability Risk Score (SVRS) of 82 underscores the critical nature of this vulnerability, demanding immediate attention and remediation. Because the vulnerability is exploited in the wild, exploits are available, and it is listed in the CISA KEV catalog, organizations using Palo Alto Networks Expedition are at high risk of compromise and should prioritize patching this flaw to prevent unauthorized access and data breaches.

In The Wild, Exploit Available, CISA KEV
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2024-10-09

2024-11-15
SOCRadar AI Insight

Description

CVE-2024-9465 is an SQL injection vulnerability in Palo Alto Networks Expedition that allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system. The SVRS for this vulnerability is 30, indicating a moderate risk.

Key Insights

  • Unauthenticated attackers can exploit this vulnerability. This means that attackers do not need to have any credentials to exploit this vulnerability.
  • Attackers can reveal sensitive information. This information could be used to compromise the confidentiality, integrity, and availability of the Expedition system.
  • Attackers can create and read arbitrary files. This could allow attackers to install malware or steal data from the Expedition system.
  • Active exploits have been published. This means that attackers are actively exploiting this vulnerability in the wild.

Mitigation Strategies

  • Update Palo Alto Networks Expedition to the latest version. This will patch the vulnerability and protect your system from exploitation.
  • Restrict access to the Expedition system. This will make it more difficult for attackers to exploit the vulnerability.
  • Monitor your system for suspicious activity. This will help you to detect and respond to any attacks that may be exploiting this vulnerability.
  • Use a web application firewall (WAF). This will help to block attacks that are exploiting this vulnerability.

Additional Information

  • The Cybersecurity and Infrastructure Security Agency (CISA) has warned of this vulnerability and called for immediate and necessary measures.
  • If you have any additional questions regarding this incident, you can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
Palo Alto Networks Expedition SQL Injection Vulnerability | https://www.cisa.gov/search?g=CVE-2024-9465 | 2024-11-14
horizon3ai/CVE-2024-9465 | https://github.com/horizon3ai/CVE-2024-9465 | 2024-10-09
Farzan-Kh/CVE-2024-9465 | https://github.com/Farzan-Kh/CVE-2024-9465 | 2024-12-05

News

Week in review: Microsoft patches actively exploited 0-days, Amazon and HSBC employee data leaked - Help Net Security
2024-11-17
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 – are actively exploited by attackers. Massive troves of Amazon, HSBC employee data leaked A threat actor who goes by the online
google.com

Data Breaches Digest - Week 46 2024
Dunkie, 2024-12-02
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 11th November and 17th November 2024. 17th November
dbdigest.com

Critical Warning from CISA: Palo Alto Networks Vulnerabilities and New RCE Attacks Are Being Actively Exploited
Görkem Hınçer, 2024-11-22
The US Cybersecurity and Infrastructure Security Agency (CISA) announced on Thursday that two more vulnerabilities affecting Palo Alto Networks’ Expedition software are being actively exploited. Accordingly, these vulnerabilities were added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, and Federal Civilian Executive Branch (FCEB) agencies were required to apply the necessary updates by December 5, 2024. Vulnerability Details The vulnerabilities announced by CISA are listed as follows: CVE-2024-9463 (CVSS score: 9.9) – Palo Alto Networks Expedition
siberguvenlik.web.tr

CISA Issues Alert on Ongoing Exploitation of Palo Alto Networks Bugs
Trapti Rajput, 2024-11-19
A report released by the Cybersecurity and Infrastructure Security Agency, a nonprofit organization that monitors and analyzes threats to the nation's
blogger.com

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 – Nov 17)
Ajit Jasrotia, 2024-11-19
What do hijacked websites, fake job offers, and sneaky ransomware have in common? They’re proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people. This week makes one thing clear: no system, no person, no organization is truly off-limits. Attackers are getting smarter, faster, and more creative—using everything from human trust […] The post THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11
allhackernews.com

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released
Ajit Jasrotia, 2024-11-16
Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a new zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild. To that end, the company said it observed malicious activity originating from below IP addresses and targeting PAN-OS management […] The post PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released appeared first
allhackernews.com

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day
Pierluigi Paganini, 2024-11-16
Palo Alto Networks confirmed active exploitation of a zero-day in its PAN-OS firewall and released new indicators of compromise (IoCs). Last week, Palo Alto Networks warned customers to limit access to their next-gen firewall management interface due to a potential remote code execution vulnerability (CVSSv4.0 Base Score: 9.3) in PAN-OS. The cybersecurity company had no […] Palo Alto Networks confirmed
securityaffairs.co

Social Media

🚨 #CISA Alert: Active Exploitation of CVE-2024-9463 & CVE-2024-9465 🚨 These @PaloAltoNtwks Expedition tool vulnerabilities are critical! 🔍 PoC exploit for CVE-2024-9465 is public—act fast! ✅ Update to version 1.2.96 ASAP. 🛠️ Federal agencies: Patch by Dec 5, 2024 (CISA https://t.co/pnyb5UFUQp

🚨 CISA warns of critical Palo Alto Network vulnerabilities (CVE-2024-9463 & CVE-2024-9465) under active exploitation. Federal agencies must update by Dec 5, 2024. https://t.co/Nv6mxQ30OY

CISA Flags New Vulnerabilities: CVE-2024-9463 & CVE-2024-9465 Explained https://t.co/IKSCTnZM1L

🚨 5:35 AM exploit session in progress📷 #CVE-2024-9465 hits Palo Alto's Expedition with unauth SQL injection, exposing password hashes, usernames & more. Find vuln networks: SHODAN: http.favicon.hash:1499876150 📷 Use responsibly! #CyberSecurity #SQLInjection #PaloAlto https://t.co/Rutrux4n0q

@attritionorg Thanks. The .9. was a paste error for CVSS 9.9. There's also a critical SQLI and other flaws inside. Full listing: CVE-2024-9463 CVE-2024-9464 CVE-2024-9465 by @hacks_zach and CVE-2024-9466 CVE-2024-9467

SQL injection vulnerability in Palo Alto Networks | CVE-2024-9465 | Poc video | Bug bounty https://t.co/lnTnN5CVfP #bugbountytip #Sqli #bugbountytips #paloalto #CVE-2024-9465

RT @mattjay: Next - CVE-2024-9465 is an SQL injection vulnerability in Palo Alto Networks Expedition This allows an unauthenticated atta…

Next - CVE-2024-9465 is an SQL injection vulnerability in Palo Alto Networks Expedition This allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. https://t.co/cCkVIuL2kN

CVE-2024-5910,CVE-2024-9464,CVE-2024-9465,CVE-2024-9466 alert 🚨 Firewall Credentials: Multiple exploited in the wild Vulnerabilities in Palo Alto Expedition Lead to Exposure The vulnerabilities have been integrated into Patrowl. Our customers' assets are protected. 🦉 #CVE https://t.co/KXEXO3Vqqj

Palo Alto Patches Critical Firewall Takeover Vulnerabilities - (CVE-2024-9463, CVE-2024-9464, CVE-2024-9465) - https://t.co/4AG6Ypx5IL

Affected Software

Configuration 1
Type | Vendor | Product
App | Paloaltonetworks | expedition

References

  • https://security.paloaltonetworks.com/PAN-SA-2024-0010
  • https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/ (GITHUB)

CWE Details

CWE ID | CWE Name | Description
CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
