OpenCVE

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Nov. 14, 2024.

Exploitation active

Automatable yes

Technical Impact total

Vendors	Products
Paloaltonetworks	Expedition

Configuration 1 [-]

cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security.paloaltonetworks.com/PAN-SA-2024-0010
https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/

History

Fri, 15 Nov 2024 00:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2024-11-14'}`

Thu, 14 Nov 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 18 Oct 2024 12:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:paloaltonetworks:expedition:1.2.0:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.10:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.11:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.12:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.13:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.14:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.15:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.16:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.17:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.18:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.19:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.20:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.21:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.22:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.23:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.24:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.25:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.26:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.28:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.29:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.2:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.30:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.31:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.32:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.33:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.34:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.35:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.36:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.37:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.38:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.39:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.3:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.40:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.41:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.42:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.43:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.44:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.45:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.46:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.47:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.48:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.49:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.4:2:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.50:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.51:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.52:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.53:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.54:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.55:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.56:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.57:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.58:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.59:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.5:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.60:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.61:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.62:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.63:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.64:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.65:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.66:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.67:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.68:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.69:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.6:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.70:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.71:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.72:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.73:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.74:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.75:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.76:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.77:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.78:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.79:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.7:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.80:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.81:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.82:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.83:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.84:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.85:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.86:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.87:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.88:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.89:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.8:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.90:1:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.91:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.92:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.93:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.94:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.95:-:::::: cpe:2.3:a:paloaltonetworks:expedition:1.2.9:-::::::

Thu, 17 Oct 2024 05:30:00 +0000

Type	Values Removed	Values Added
References		https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/

Tue, 15 Oct 2024 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}`

Fri, 11 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Paloaltonetworks Paloaltonetworks expedition
CPEs		cpe:2.3:a:paloaltonetworks:expedition::::::::
Vendors & Products		Paloaltonetworks Paloaltonetworks expedition
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 09 Oct 2024 22:45:00 +0000

Type	Values Removed	Values Added
Title	Expedition: SQL Injection Leads to Firewall Admin Account Takeover	Expedition: SQL Injection Leads to Firewall Admin Credential Disclosure
Metrics	cvssV4_0 `{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red'}`	cvssV4_0 `{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber'}`

Wed, 09 Oct 2024 17:15:00 +0000

Type	Values Removed	Values Added
Description		An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.
Title		Expedition: SQL Injection Leads to Firewall Admin Account Takeover
Weaknesses		CWE-89
References		https://security.paloaltonetworks.com/PAN-SA-2024-0010
Metrics		cvssV4_0 `{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red'}`

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2024-10-09T17:04:01.720Z

Updated: 2024-11-14T23:20:22.620Z

Reserved: 2024-10-03T11:35:12.544Z

Link: CVE-2024-9465

Vulnrichment

Updated: 2024-10-10T17:34:53.065Z

NVD

Status : Analyzed

Published: 2024-10-09T17:15:20.287

Modified: 2024-11-15T14:39:34.863

Link: CVE-2024-9465

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object