Security News > 2024 > November > Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465)
Attackers have been spotted exploiting two additional vulnerabilities (CVE-2024-9463, CVE-2024-9465) in Palo Alto Networks’ Expedition firewall configuration migration tool, CISA has confirmed on Thursday. About the vulnerabilities (CVE-2024-9463, CVE-2024-9465) CVE-2024-9463 allows unauthenticated attackers to run arbitrary OS commands as root on vulnerable Expedition instances, leading to disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. CVE-2024-9465 – an SQL injection vulnerability – allows unauthenticated attackers to grab data from Expedition’s … More → The post Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/11/15/cve-2024-9463-cve-2024-9465/
Related news
- 5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) (source)
- Palo Alto firewalls under attack as miscreants chain flaws for root access (source)
- Palo Alto Networks tags new firewall bug as exploited in attacks (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- 48,000+ internet-facing Fortinet firewalls still open to attack (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-09 | CVE-2024-9465 | SQL Injection vulnerability in Paloaltonetworks Expedition An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. | 9.1 |
| 2024-10-09 | CVE-2024-9463 | OS Command Injection vulnerability in Paloaltonetworks Expedition An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. | 7.5 |