Palo Alto Expedition OS command injection vulnerability (CVE-2024-9463)

A critical OS command injection vulnerability (CVE-2024-9463) in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

 

Vulnerability

  • Unauthenticated OS Command Injection Vulnerability (CVE-2024-9463)

 

Severity Level

  • Critical

 

Affected Products

  • Expedition: 1.2.0 before 1.2.96

 

Remediation

  • Apply the fixes to affected systems ASAP.

 


Published on: 15 Nov 2024