CVE-2024-9463 (GCVE-0-2024-9463)

Vulnerability from cvelistv5 – Published: 2024-10-09 17:03 – Updated: 2025-10-21 22:55
VLAI CISA Shadowserver KEVIntel
Title
Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure
Summary
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
SSVC
Exploitation: active Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
Vendor Product Version
Palo Alto Networks Expedition Affected: 1.2.0 , < 1.2.96 (custom)
    cpe:2.3:a:paloaltonetworks:expedition:1.2.0:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.2:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.3:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.4:2:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.5:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.6:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.7:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.8:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.9:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.10:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.11:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.12:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.13:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.14:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.15:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.16:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.17:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.18:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.19:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.20:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.21:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.22:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.23:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.24:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.25:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.26:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.28:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.29:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.30:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.31:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.32:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.33:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.34:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.35:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.36:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.37:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.38:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.39:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.40:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.41:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.42:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.43:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.44:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.45:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.46:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.47:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.48:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.49:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.50:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.51:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.52:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.53:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.54:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.55:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.56:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.57:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.58:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.59:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.60:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.61:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.62:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.63:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.64:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.65:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.66:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.67:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.68:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.69:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.70:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.71:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.72:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.73:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.74:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.75:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.76:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.77:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.78:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.79:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.80:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.81:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.82:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.83:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.84:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.85:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.86:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.87:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.88:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.89:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.90:1:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.91:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.92:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.93:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.94:-:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:expedition:1.2.95:-:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-10-09 16:00
Credits
Enrique Castillo of Palo Alto Networks
CISA
Known Exploited Vulnerability - GCVE BCP-07 Compliant

Vulnerability ID: CVE-2024-9463

Status: Confirmed

Status Updated: 2024-11-14 00:00 UTC

Exploited: Yes


Timestamps
First Seen: 2024-11-14
Asserted: 2024-11-14

Scope
Notes: KEV entry: Palo Alto Networks Expedition OS Command Injection Vulnerability | Affected: Palo Alto Networks / Expedition | Description: Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.paloaltonetworks.com/PAN-SA-2024-0010 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9463

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev


Details
Cwes CWE-78
Feed CISA Known Exploited Vulnerabilities Catalog
Product Expedition
Due Date 2024-12-05
Date Added 2024-11-14
Vendorproject Palo Alto Networks
Vulnerabilityname Palo Alto Networks Expedition OS Command Injection Vulnerability
Knownransomwarecampaignuse Unknown

References

Created: 2026-02-02 12:26 UTC | Updated: 2026-02-06 07:17 UTC
Shadowserver
Known Exploited Vulnerability - GCVE BCP-07 Compliant

Vulnerability ID: CVE-2024-9463

Status: Confirmed

Status Updated: 2026-07-08 00:00 UTC

Exploited: Yes


Characteristics
Severity: 0.0

Timestamps
First Seen: 2024-10-15
Asserted: 2024-10-15
Last Seen: 2026-07-08

Scope
Asset Exposure: ['internet-facing']
Notes: Affected: Palo Alto Networks / Palo Alto Expedition | Class: other-software | Severity: None (CVSS 0) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-07-08: 2

Evidence

Type: Honeypot

Signal: In The Wild Attempts

Confidence: 70%

Source: shadowserver


Details
1D 2
Iot no
Feed Shadowserver Foundation honeypot/exploited-vulnerabilities
Type http-scan
Class other-software
7D Avg 1
Vendor Palo Alto Networks
30D Avg 3
90D Avg 2
Product Palo Alto Expedition
Cisa Kev yes
Connections 2
Observation Date 2026-07-08
Vulnerability Class CVSS
Vulnerability Score 0
Vulnerability Severity None

References

Created: 2026-06-30 09:23 UTC | Updated: 2026-07-10 01:00 UTC
KEVIntel
Known Exploited Vulnerability - GCVE BCP-07 Compliant

Vulnerability ID: CVE-2024-9463

Status: Confirmed

Status Updated: 2024-11-14 00:00 UTC

Exploited: Yes


Timestamps
First Seen: 2024-11-14
Asserted: 2024-11-14

Scope
Notes: KEVIntel entry: Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure | Affected: Palo Alto Networks / Expedition | CVSS: 9.9 (CRITICAL) | EPSS: 0.98393 | Used in malware: unknown | Not yet in CISA KEV: False

Evidence

Type: Public Report

Signal: Successful Exploitation

Confidence: 70%

Source: kevintel


Details
Feed KEVIntel (kevintel.com)
Title Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure
Vendor Palo Alto Networks
Product Expedition
Added Date 2024-11-14T00:00:00.000Z
Cvss Score 9.9
Epss Score 0.98393
Cvss Severity CRITICAL
Epss Percentile 0.99912
Used In Malware unknown
Ahead Of Cisa Kev None
Not Yet In Cisa Kev False

References

Created: 2026-06-23 14:06 UTC | Updated: 2026-07-10 06:14 UTC
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9463",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-20T03:55:56.863014Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-11-14",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9463"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:42.730Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9463"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-11-14T00:00:00.000Z",
            "value": "CVE-2024-9463 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.2:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.3:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.4:2:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.5:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.6:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.7:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.8:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.9:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.10:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.11:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.12:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.13:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.14:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.15:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.16:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.17:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.18:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.19:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.20:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.21:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.22:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.23:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.24:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.25:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.26:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.28:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.29:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.30:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.31:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.32:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.33:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.34:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.35:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.36:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.37:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.38:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.39:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.40:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.41:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.42:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.43:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.44:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.45:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.46:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.47:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.48:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.49:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.50:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.51:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.52:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.53:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.54:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.55:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.56:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.57:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.58:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.59:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.60:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.61:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.62:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.63:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.64:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.65:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.66:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.67:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.68:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.69:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.70:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.71:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.72:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.73:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.74:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.75:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.76:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.77:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.78:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.79:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.80:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.81:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.82:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.83:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.84:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.85:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.86:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.87:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.88:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.89:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.90:1:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.91:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.92:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.93:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.94:-:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:expedition:1.2.95:-:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Expedition",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.2.96",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.2.96",
              "status": "affected",
              "version": "1.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Enrique Castillo of Palo Alto Networks"
        }
      ],
      "datePublic": "2024-10-09T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls."
            }
          ],
          "value": "An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-18T11:47:33.445Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions.\u003cbr\u003e\u003cbr\u003eAll Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition.\u003cbr\u003e\u003cbr\u003eAll firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating."
            }
          ],
          "value": "The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions.\n\nAll Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition.\n\nAll firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-09T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Ensure networks access to Expedition is restricted to authorized users, hosts, or networks.\u003cbr\u003e"
            }
          ],
          "value": "Ensure networks access to Expedition is restricted to authorized users, hosts, or networks."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-9463",
    "datePublished": "2024-10-09T17:03:12.012Z",
    "dateReserved": "2024-10-03T11:35:09.867Z",
    "dateUpdated": "2025-10-21T22:55:42.730Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2024-9463",
      "cwes": "[\"CWE-78\"]",
      "dateAdded": "2024-11-14",
      "dueDate": "2024-12-05",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://security.paloaltonetworks.com/PAN-SA-2024-0010 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9463",
      "product": "Expedition",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.",
      "vendorProject": "Palo Alto Networks",
      "vulnerabilityName": "Palo Alto Networks Expedition OS Command Injection Vulnerability"
    },
    "epss": {
      "cve": "CVE-2024-9463",
      "date": "2026-07-09",
      "epss": "0.98423",
      "percentile": "0.99913"
    },
    "fkie_nvd": {
      "cisaActionDue": "2024-12-05",
      "cisaExploitAdd": "2024-11-14",
      "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "cisaVulnerabilityName": "Palo Alto Networks Expedition OS Command Injection Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.2.0\", \"versionEndExcluding\": \"1.2.96\", \"matchCriteriaId\": \"13E7A504-08F4-40E4-9FF5-A707DAF6708A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de inyecci\\u00f3n de comandos del sistema operativo en Palo Alto Networks Expedition permite a un atacante no autenticado ejecutar comandos arbitrarios del sistema operativo como root en Expedition, lo que resulta en la divulgaci\\u00f3n de nombres de usuario, contrase\\u00f1as de texto plano, configuraciones de dispositivos y claves API de dispositivos de firewalls PAN-OS.\"}]",
      "id": "CVE-2024-9463",
      "lastModified": "2024-11-15T02:00:01.687",
      "metrics": "{\"cvssMetricV40\": [{\"source\": \"psirt@paloaltonetworks.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Amber\", \"baseScore\": 9.9, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"HIGH\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NO\", \"recovery\": \"USER\", \"valueDensity\": \"CONCENTRATED\", \"vulnerabilityResponseEffort\": \"HIGH\", \"providerUrgency\": \"AMBER\"}}], \"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2024-10-09T17:15:19.973",
      "references": "[{\"url\": \"https://security.paloaltonetworks.com/PAN-SA-2024-0010\", \"source\": \"psirt@paloaltonetworks.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@paloaltonetworks.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"psirt@paloaltonetworks.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-9463\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2024-10-09T17:15:19.973\",\"lastModified\":\"2026-06-17T08:24:37.050\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en Palo Alto Networks Expedition permite a un atacante no autenticado ejecutar comandos arbitrarios del sistema operativo como root en Expedition, lo que resulta en la divulgaci\u00f3n de nombres de usuario, contrase\u00f1as de texto plano, configuraciones de dispositivos y claves API de dispositivos de firewalls PAN-OS.\"}],\"affected\":[{\"source\":\"psirt@paloaltonetworks.com\",\"affectedData\":[{\"vendor\":\"Palo Alto Networks\",\"product\":\"Expedition\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:2.3:a:paloaltonetworks:expedition:1.2.0:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.2:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.3:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.4:2:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.5:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.6:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.7:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.8:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.9:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.10:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.11:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.12:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.13:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.14:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.15:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.16:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.17:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.18:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.19:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.20:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.21:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.22:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.23:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.24:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.25:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.26:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.28:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.29:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.30:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.31:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.32:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.33:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.34:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.35:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.36:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.37:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.38:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.39:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.40:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.41:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.42:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.43:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.44:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.45:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.46:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.47:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.48:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.49:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.50:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.51:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.52:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.53:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.54:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.55:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.56:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.57:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.58:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.59:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.60:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.61:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.62:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.63:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.64:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.65:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.66:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.67:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.68:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.69:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.70:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.71:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.72:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.73:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.74:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.75:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.76:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.77:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.78:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.79:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.80:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.81:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.82:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.83:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.84:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.85:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.86:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.87:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.88:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.89:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.90:1:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.91:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.92:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.93:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.94:-:*:*:*:*:*:*\",\"cpe:2.3:a:paloaltonetworks:expedition:1.2.95:-:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"1.2.0\",\"lessThan\":\"1.2.96\",\"versionType\":\"custom\",\"status\":\"affected\",\"changes\":[{\"at\":\"1.2.96\",\"status\":\"unaffected\"}]}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Amber\",\"baseScore\":9.9,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NO\",\"Recovery\":\"USER\",\"valueDensity\":\"CONCENTRATED\",\"vulnerabilityResponseEffort\":\"HIGH\",\"providerUrgency\":\"AMBER\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-08-20T03:55:56.863014Z\",\"id\":\"CVE-2024-9463\",\"options\":[{\"exploitation\":\"active\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"cisaExploitAdd\":\"2024-11-14\",\"cisaActionDue\":\"2024-12-05\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Palo Alto Networks Expedition OS Command Injection Vulnerability\",\"weaknesses\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.2.0\",\"versionEndExcluding\":\"1.2.96\",\"matchCriteriaId\":\"13E7A504-08F4-40E4-9FF5-A707DAF6708A\"}]}]}],\"references\":[{\"url\":\"https://security.paloaltonetworks.com/PAN-SA-2024-0010\",\"source\":\"psirt@paloaltonetworks.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9463\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "redhat_vex": {
      "current_release_date": "2026-03-27T09:22:11+00:00",
      "cve": "CVE-2024-9463",
      "id": "CVE-2024-9463",
      "initial_release_date": "2024-10-09T16:00:00+00:00",
      "product_status:known_not_affected": "1",
      "source": "Red Hat CSAF VEX",
      "status": "final",
      "title": "Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9463.json",
      "version": "3"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-9463\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-20T03:55:56.863014Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2024-11-14\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9463\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-11-14T00:00:00+00:00\", \"value\": \"CVE-2024-9463 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9463\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-09T18:12:37.860Z\"}}], \"cna\": {\"title\": \"Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Enrique Castillo of Palo Alto Networks\"}], \"impacts\": [{\"capecId\": \"CAPEC-88\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-88 OS Command Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 9.9, \"Automatable\": \"NO\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"CONCENTRATED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber\", \"providerUrgency\": \"AMBER\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:paloaltonetworks:expedition:1.2.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.2:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.3:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.4:2:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.5:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.6:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.7:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.8:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.9:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.10:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.11:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.12:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.13:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.14:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.15:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.16:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.17:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.18:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.19:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.20:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.21:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.22:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.23:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.24:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.25:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.26:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.28:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.29:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.30:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.31:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.32:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.33:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.34:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.35:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.36:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.37:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.38:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.39:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.40:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.41:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.42:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.43:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.44:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.45:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.46:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.47:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.48:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.49:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.50:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.51:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.52:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.53:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.54:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.55:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.56:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.57:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.58:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.59:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.60:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.61:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.62:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.63:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.64:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.65:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.66:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.67:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.68:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.69:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.70:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.71:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.72:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.73:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.74:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.75:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.76:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.77:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.78:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.79:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.80:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.81:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.82:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.83:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.84:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.85:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.86:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.87:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.88:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.89:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.90:1:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.91:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.92:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.93:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.94:-:*:*:*:*:*:*\", \"cpe:2.3:a:paloaltonetworks:expedition:1.2.95:-:*:*:*:*:*:*\"], \"vendor\": \"Palo Alto Networks\", \"product\": \"Expedition\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"1.2.96\", \"status\": \"unaffected\"}], \"version\": \"1.2.0\", \"lessThan\": \"1.2.96\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Palo Alto Networks is not aware of any malicious exploitation of these issues.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Palo Alto Networks is not aware of any malicious exploitation of these issues.\", \"base64\": false}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-10-09T16:00:00.000Z\", \"value\": \"Initial publication\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions.\\n\\nAll Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition.\\n\\nAll firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions.\u003cbr\u003e\u003cbr\u003eAll Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition.\u003cbr\u003e\u003cbr\u003eAll firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating.\", \"base64\": false}]}], \"datePublic\": \"2024-10-09T16:00:00.000Z\", \"references\": [{\"url\": \"https://security.paloaltonetworks.com/PAN-SA-2024-0010\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Ensure networks access to Expedition is restricted to authorized users, hosts, or networks.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Ensure networks access to Expedition is restricted to authorized users, hosts, or networks.\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"d6c1279f-00f6-4ef7-9217-f89ffe703ec0\", \"shortName\": \"palo_alto\", \"dateUpdated\": \"2024-10-18T11:47:33.445Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-9463\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T22:55:42.730Z\", \"dateReserved\": \"2024-10-03T11:35:09.867Z\", \"assignerOrgId\": \"d6c1279f-00f6-4ef7-9217-f89ffe703ec0\", \"datePublished\": \"2024-10-09T17:03:12.012Z\", \"assignerShortName\": \"palo_alto\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…