← Back to CVEs
CVE-2024-9463
HIGHCISA KEV7.5
Description
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
CVE Details
CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published10/9/2024
Last Modified11/4/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorPalo Alto Networks
ProductExpedition
Vulnerability NamePalo Alto Networks Expedition OS Command Injection Vulnerability
KEV Date Added2024-11-14
Remediation Due Date2024-12-05
Ransomware UseUnknown
Affected Products
paloaltonetworks:expedition
Weaknesses (CWE)
CWE-78CWE-78
References
https://security.paloaltonetworks.com/PAN-SA-2024-0010(psirt@paloaltonetworks.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9463(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.