COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2024-9463

CVE-2024-9463

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2024-11-14
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-9463
⚡ RCE ⌖ exploited in the wild shame 65/100 rceexploited-in-wild

Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS

Players implicated

Palo Alto Networks, Inc. · vendorExpedition · product

Description

Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.