vulnerability context

CVE-2024-9464

CVSS 6.5 MEDIUMEPSS 99%+CWE-78

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

Published 2024-10-09 · last modified 2024-10-17

details

CISA KEV status: Not in catalog
CVSS v3: 6.5 / MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 99%+ percentile (score 0.8171)
CWE: CWE-78
OTX pulses: 0 total, 0 recent

View on NVD → · cve.org

source mentions 2

[CyberHub] 📌 CVE-2024-9464 - An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated att...Bluesky:@cyberhub.blog · 3h ago
Critical vulnerabilities in Palo Alto Expedition: everything you need to knowWiz Research · 2024-10-10

source consensus

Bluesky:@cyberhub.blog1×

Want the 3-bullet summary of CVE-2024-9464, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →