COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2024-9465

CVE-2024-9465

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2024-11-14
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-9465
⌖ exploited in the wild shame 50/100 exploited-in-wild

Palo Alto Networks Expedition contains a SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbit

Players implicated

Palo Alto Networks, Inc. · vendorExpedition · product

Description

Palo Alto Networks Expedition contains a SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.