Palo Alto Networks security advisory: PAN-SA-2024-0010 Expedition: Multiple Vulnerabilities Lead to Firewall Admin Account Takeover
See parent toot above for Horizon3 vulnerability details.
- CVE-2024-9463 (9.9 critical) Palo Alto Networks Expedition OS command injection vulnerability
- CVE-2024-9464 (9.3 critical) Palo Alto Networks Expedition OS command injection vulnerability
- CVE-2024-9465 (9.2 critical) Palo Alto Networks Expedition SQL injection vulnerability
- CVE-2024-9466 (8.2 high) Palo Alto Networks Expedition cleartext storage of sensitive information vulnerability
- CVE-2024-9467 (7.0 high) Palo Alto Networks Expedition reflected XSS vulnerability
Palo Alto Networks is not aware of any malicious exploitation of these issues.