{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9467", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2024-10-03T11:35:14.299Z", "datePublished": "2024-10-09T17:04:56.867Z", "dateUpdated": "2024-10-18T11:52:07.963Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:paloaltonetworks:expedition:1.2.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.3:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.4:2:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.5:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.6:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.7:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.8:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.9:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.10:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.11:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.12:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.13:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.14:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.15:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.16:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.17:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.18:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.19:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.20:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.21:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.22:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.23:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.24:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.25:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.26:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.28:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.29:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.30:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.31:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.32:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.33:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.34:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.35:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.36:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.37:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.38:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.39:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.40:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.41:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.42:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.43:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.44:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.45:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.46:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.47:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.48:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.49:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.50:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.51:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.52:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.53:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.54:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.55:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.56:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.57:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.58:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.59:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.60:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.61:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.62:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.63:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.64:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.65:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.66:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.67:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.68:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.69:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.70:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.71:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.72:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.73:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.74:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.75:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.76:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.77:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.78:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.79:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.80:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.81:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.82:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.83:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.84:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.85:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.86:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.87:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.88:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.89:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.90:1:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.91:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.92:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.93:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.94:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.95:-:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Expedition", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "1.2.96", "status": "unaffected"}], "lessThan": "1.2.96", "status": "affected", "version": "1.2.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Enrique Castillo of Palo Alto Networks"}], "datePublic": "2024-10-09T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft."}], "value": "A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."}], "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "HIGH"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-10-18T11:52:07.963Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions.<br><br>All Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition.<br><br>All firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating."}], "value": "The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions.\n\nAll Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition.\n\nAll firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating."}], "source": {"discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2024-10-09T16:00:00.000Z", "value": "Initial publication"}], "title": "Expedition: Reflected Cross-Site Scripting Vulnerability Leads to Expedition Session Disclosure", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Ensure networks access to Expedition is restricted to authorized users, hosts, or networks."}], "value": "Ensure networks access to Expedition is restricted to authorized users, hosts, or networks."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-09T18:09:44.149342Z", "id": "CVE-2024-9467", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T18:10:00.314Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9467", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-09T18:09:44.149342Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T18:09:51.651Z"}}], "cna": {"title": "Expedition: Reflected Cross-Site Scripting Vulnerability Leads to Expedition Session Disclosure", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Enrique Castillo of Palo Alto Networks"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 7, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber", "providerUrgency": "AMBER", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:paloaltonetworks:expedition:1.2.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.3:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.4:2:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.5:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.6:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.7:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.8:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.9:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.10:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.11:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.12:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.13:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.14:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.15:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.16:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.17:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.18:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.19:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.20:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.21:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.22:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.23:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.24:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.25:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.26:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.28:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.29:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.30:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.31:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.32:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.33:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.34:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.35:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.36:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.37:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.38:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.39:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.40:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.41:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.42:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.43:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.44:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.45:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.46:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.47:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.48:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.49:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.50:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.51:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.52:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.53:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.54:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.55:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.56:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.57:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.58:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.59:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.60:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.61:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.62:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.63:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.64:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.65:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.66:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.67:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.68:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.69:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.70:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.71:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.72:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.73:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.74:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.75:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.76:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.77:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.78:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.79:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.80:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.81:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.82:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.83:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.84:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.85:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.86:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.87:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.88:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.89:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.90:1:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.91:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.92:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.93:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.94:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:expedition:1.2.95:-:*:*:*:*:*:*"], "vendor": "Palo Alto Networks", "product": "Expedition", "versions": [{"status": "affected", "changes": [{"at": "1.2.96", "status": "unaffected"}], "version": "1.2.0", "lessThan": "1.2.96", "versionType": "custom"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues.", "supportingMedia": [{"type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues.", "base64": false}]}], "timeline": [{"lang": "en", "time": "2024-10-09T16:00:00.000Z", "value": "Initial publication"}], "solutions": [{"lang": "en", "value": "The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions.\n\nAll Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition.\n\nAll firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating.", "supportingMedia": [{"type": "text/html", "value": "The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions.<br><br>All Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition.<br><br>All firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating.", "base64": false}]}], "datePublic": "2024-10-09T16:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "Ensure networks access to Expedition is restricted to authorized users, hosts, or networks.", "supportingMedia": [{"type": "text/html", "value": "Ensure networks access to Expedition is restricted to authorized users, hosts, or networks.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.", "supportingMedia": [{"type": "text/html", "value": "A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-10-18T11:52:07.963Z"}}}, "cveMetadata": {"cveId": "CVE-2024-9467", "state": "PUBLISHED", "dateUpdated": "2024-10-18T11:52:07.963Z", "dateReserved": "2024-10-03T11:35:14.299Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2024-10-09T17:04:56.867Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*", "matchCriteriaId": "13E7A504-08F4-40E4-9FF5-A707DAF6708A", "versionEndExcluding": "1.2.96", "versionStartIncluding": "1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft."}, {"lang": "es", "value": "Una vulnerabilidad XSS reflejado en Palo Alto Networks Expedition permite la ejecuci\u00f3n de JavaScript malicioso en el contexto del navegador de un usuario autenticado de Expedition si ese usuario hace clic en un enlace malicioso, lo que permite ataques de phishing que podr\u00edan conducir al robo de sesiones del navegador de Expedition."}], "id": "CVE-2024-9467", "lastModified": "2024-10-15T15:09:13.297", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NO", "availabilityRequirements": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "recovery": "USER", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "ACTIVE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Amber", "version": "4.0", "vulnerabilityResponseEffort": "HIGH", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "LOW"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2024-10-09T17:15:20.517", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}