Vulnerabilities you should know about Palo Alto Expedition
About Expedition
Expedition is the fourth evolution of the Palo Alto Networks Migration Tool. The purpose of this tool is to help reduce the time and effort of migrating a configuration from a supported vendor to Palo Alto Networks.
Shodan Mapping (24 IPs)
html:"Expedition Project"
Facet Analysis - Filter based on your organization
FOFA Mapping (144 Unique IPs)
body="Expedition Project" || title="Expedition Project"
CVE-2024-9463
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
Base Score: 9.9 CRITICAL
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber
Nuclei Template
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-9463.yaml
CVE-2024-9464
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
Base Score: 9.3 CRITICAL
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber
CVE-2024-9465
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.
Base Score: 9.2 CRITICAL
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber
Nuclei Template
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-9465.yaml
CVE-2024-9466
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.
Base Score: 8.2 HIGH
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber
CVE-2024-9467
A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.
Base Score: 7.0 HIGH
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber
Mitigation
All vulnerabilities are resolved as of Expedition version 1.2.96 and later.
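For prioritising patch verification, the CVSS v4.0 vectors listed above can be decoded mechanically. The following is an added example, not part of the original page or any Palo Alto Networks tooling: it validates each vector string as quoted on this page and buckets the CVEs by attack vector, privileges required and user interaction. The function names and bucket labels are assumptions made for illustration, and only base and supplemental metrics are handled.

```python
# Added example: decode the CVSS v4.0 vectors quoted on this page for patch triage.
# Metric tables follow the CVSS v4.0 specification (base and supplemental metrics only).
BASE = {k: set(v) for k, v in {
    "AV": "NALP", "AC": "LH", "AT": "NP", "PR": "NLH", "UI": "NPA",
    "VC": "HLN", "VI": "HLN", "VA": "HLN", "SC": "HLN", "SI": "HLN", "SA": "HLN",
}.items()}
SUPPLEMENTAL = {
    "S": {"X", "N", "P"}, "AU": {"X", "N", "Y"}, "R": {"X", "A", "U", "I"},
    "V": {"X", "D", "C"}, "RE": {"X", "L", "M", "H"},
    "U": {"X", "Clear", "Green", "Amber", "Red"},
}
# Vector strings copied as they appear on this page.
PAGE_VECTORS = {
    "CVE-2024-9463": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber",
    "CVE-2024-9464": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber",
    "CVE-2024-9465": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber",
    "CVE-2024-9466": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber",
    "CVE-2024-9467": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber",
}

def parse_vector(vector):
    """Return {metric: value} for a CVSS v4.0 vector, validating names and values."""
    prefix, _, rest = vector.strip().partition("/")
    if prefix != "CVSS:4.0":
        raise ValueError(f"not a CVSS v4.0 vector: {vector!r}")
    metrics = {}
    for item in rest.split("/"):
        name, _, value = item.partition(":")
        allowed = BASE.get(name) or SUPPLEMENTAL.get(name)
        if allowed is None or value not in allowed or name in metrics:
            raise ValueError(f"unsupported, invalid or repeated metric: {item!r}")
        metrics[name] = value
    if list(metrics)[:len(BASE)] != list(BASE):
        raise ValueError("base metrics missing or out of order")
    return metrics

def exposure(vector):
    """Bucket a vector by how reachable the flaw is (labels are this example's own)."""
    m = parse_vector(vector)
    if m["AV"] != "N":
        return "not-network"
    if m["PR"] == "N" and m["UI"] == "N":
        return "remote-unauthenticated"
    return "remote-conditional"

def triage(vectors=PAGE_VECTORS):
    """Map each CVE id to its exposure bucket."""
    return {cve: exposure(vec) for cve, vec in vectors.items()}

if __name__ == "__main__":
    for cve, bucket in sorted(triage().items(), key=lambda kv: kv[1], reverse=True):
        print(f"{cve}: {bucket}")
```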
References
[1] https://nvd.nist.gov/vuln/detail/CVE-2024-9463
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-9464
[3] https://nvd.nist.gov/vuln/detail/CVE-2024-9465
[4] https://nvd.nist.gov/vuln/detail/CVE-2024-9466
[5] https://nvd.nist.gov/vuln/detail/CVE-2024-9467