Security News > 2024 > November > Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465)
Attackers have been spotted exploiting two additional vulnerabilities (CVE-2024-9463, CVE-2024-9465) in Palo Alto Networks’ Expedition firewall configuration migration tool, CISA has confirmed on Thursday. About the vulnerabilities (CVE-2024-9463, CVE-2024-9465) CVE-2024-9463 allows unauthenticated attackers to run arbitrary OS commands as root on vulnerable Expedition instances, leading to disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. CVE-2024-9465 – an SQL injection vulnerability – allows unauthenticated attackers to grab data from Expedition’s … More → The post Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/11/15/cve-2024-9463-cve-2024-9465/
Related news
- Palo Alto firewalls under attack as miscreants chain flaws for root access (source)
- Palo Alto Networks tags new firewall bug as exploited in attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Mysterious Palo Alto firewall reboots? You're not alone (source)
- SonicWall firewall bug leveraged in attacks after PoC exploit release (source)
- SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (source)
- Attackers are chaining flaws to breach Palo Alto Networks firewalls (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-09 | CVE-2024-9465 | SQL Injection vulnerability in Paloaltonetworks Expedition An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. | 9.1 |
| 2024-10-09 | CVE-2024-9463 | OS Command Injection vulnerability in Paloaltonetworks Expedition An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. | 7.5 |