Vulnerabilities you should know about Palo Alto Expedition

Oct 12, 2024 - 17:03
Oct 13, 2024 - 00:28

About Expedition

Expedition is the fourth evolution of the Palo Alto Networks Migration Tool. The purpose of this tool is to help reduce the time and effort of migrating a configuration from a supported vendor to Palo Alto Networks.

Shodan Mapping (24 IPs)

html:"Expedition Project"

Facet Analysis - Filter based on your organization

FOFA Mapping (144 Unique IPs)

body="Expedition Project" || title="Expedition Project"

CVE-2024-9463

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

CVSS v4.0 Details

Base Score: 9.9 CRITICAL

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber

Nuclei Template

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-9463.yaml

CVE-2024-9464

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

CVSS v4.0 Details

Base Score: 9.3 CRITICAL

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber

CVE-2024-9465

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.

CVSS v4.0 Details

Base Score: 9.2 CRITICAL

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber

Nuclei Template

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-9465.yaml

CVE-2024-9466

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.

CVSS v4.0 Details

Base Score: 8.2 HIGH

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber

CVE-2024-9467

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.

CVSS v4.0 Details

Base Score: 7.0 HIGH

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber

Mitigation

All of the vulnerabilities above are fixed in Expedition version 1.2.96 and all later versions.
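An added example for defenders, not part of the original post or of any Palo Alto tooling: it checks an inventory of Expedition versions against the fixed release 1.2.96 and orders the CVEs above so that those whose listed vector is network-reachable with no privileges (AV:N, PR:N) come first. The function names and the sample inventory are hypothetical, and version strings are assumed to be plain dotted numbers.

```python
import re

FIXED_VERSION = "1.2.96"  # first fixed release, per the Mitigation section
PAGE_VECTORS = {  # CVSS v4.0 vectors copied verbatim from this page
    "CVE-2024-9463": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber",
    "CVE-2024-9464": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber",
    "CVE-2024-9465": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber",
    "CVE-2024-9466": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber",
    "CVE-2024-9467": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber",
}
BASE_METRICS = ("AV", "AC", "AT", "PR", "UI", "VC", "VI", "VA", "SC", "SI", "SA")

def parse_version(text):
    """Turn '1.2.96' into (1, 2, 96) so that 1.2.100 sorts above 1.2.96."""
    if not re.fullmatch(r"\d+(\.\d+)*", text.strip()):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.strip().split("."))

def is_patched(version):
    return parse_version(version) >= parse_version(FIXED_VERSION)

def parse_vector(vector):
    """Split a CVSS v4.0 vector into {metric: value}, rejecting malformed input."""
    prefix, *pairs = vector.split("/")
    if prefix != "CVSS:4.0":
        raise ValueError(f"not a CVSS v4.0 vector: {vector!r}")
    metrics = {}
    for pair in pairs:
        name, sep, value = pair.partition(":")
        if not sep or not value or name in metrics:
            raise ValueError(f"bad or duplicate metric {pair!r}")
        metrics[name] = value
    if any(m not in metrics for m in BASE_METRICS):
        raise ValueError(f"base metrics missing in {vector!r}")
    return metrics

def unauthenticated_remote(vector):
    m = parse_vector(vector)
    return m["AV"] == "N" and m["PR"] == "N"

def triage(inventory):
    """Map each unpatched host to the page's CVEs, unauthenticated-remote ones first."""
    ordered = sorted(PAGE_VECTORS, key=lambda c: (not unauthenticated_remote(PAGE_VECTORS[c]), c))
    return {host: ordered for host, version in inventory if not is_patched(version)}

# Constructed sample inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = [("exp-lab-01", "1.2.95"), ("exp-lab-02", "1.2.100"), ("exp-lab-03", "1.2.96")]
print(triage(SAMPLE_INVENTORY))
```

Comparing versions as integer tuples matters here: as plain strings, "1.2.100" sorts below "1.2.96" and a patched host would be reported as vulnerable.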

Abhirup Konwar A skilled and passionate bug hunter with multiple recognitions, including NASA Hall of Fame and being ranked in the top 1% on TryHackMe. I have secured numerous high-profile organizations such as American Systems, Bluescape, Clemson University, and Melbourne University. My work has been acknowledged by prestigious institutions like NCIIPC, UKRI, and the World Health Organization (WHO). I've reported over 1,000 vulnerabilities on the openbugbounty platform, with notable achievements including discovering critical Remote Code Execution (RCE) vulnerabilities in Drexel University, University of Victoria, University of Minnesota, and ii.tudelft.nl. Additionally, I have secured organizations like NeuRA, Appfluence Inc., and the US Department of Energy. My commitment to cybersecurity extends globally, with a mission to safeguard industries and continuously share knowledge.