Palo Alto Networks Expedition OS Command Injection Vulnerability (CVE-2024-9463)
Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
A remote attacker, without authentication, can achieve full data confidentiality loss. Federal agencies are required to remediate by 2024-12-05 under CISA BOD 22-01.
This is a OS Command Injection (CWE-78) vulnerability in Palo Alto Networks Expedition. An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.
📧
Phishing link
🖼
Malicious file
🔓
Server compromised
Probably yes if any of these apply:
CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2024-11-14 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2024-12-05.
Manual remediation steps
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.