VIR Vulnerability Intelligence Relay

CVE-2024-9463

unknown KEV
Published 2024-11-14 · Modified 2024-11-14
CVSS v3
CVSS v2
VIR risk
1.5

Description

Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

CISA KEV

Vendor
Palo Alto Networks
Product
Expedition
Due date
2024-12-05

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://security.paloaltonetworks.com/PAN-SA-2024-0010 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9463

Exploits

References

Verify integrity in audit chain (admin only). AS-IS.