Palo Alto Networks security advisory: PAN-SA-2024-0010 Expedition: Multiple Vulnerabilities Lead to Firewall Admin Account Takeover
See parent toot above for Horizon3 vulnerability details.

  • CVE-2024-9463 (9.9 critical) Palo Alto Networks Expedition OS command injection vulnerability
  • CVE-2024-9464 (9.3 critical) Palo Alto Networks Expedition OS command injection vulnerability
  • CVE-2024-9465 (9.2 critical) Palo Alto Networks Expedition SQL injection vulnerability
  • CVE-2024-9466 (8.2 high) Palo Alto Networks Expedition cleartext storage of sensitive information vulnerability
  • CVE-2024-9467 (7.0 high) Palo Alto Networks Expedition reflected XSS vulnerability

Palo Alto Networks is not aware of any malicious exploitation of these issues.

Horizon3: Palo Alto Expedition: From N-Day to Full Compromise

Daaaaaaaamn @hacks_zach, Zach Hanley at it again with the Palo Alto Networks vulnerabilities. In trying to find CVE-2024-5910 in Expedition (a configuration migration tool from a supported vendor to Palo Alto Networks PAN-OS), he found CVE-2024-9464, CVE-2024-9465 and CVE-2024-9466. It appears that CVE-2024-9465 (unauth SQL injection) leads to leaking credentials via "users" and "devices" tables which contain password hashes and device API keys. This is the CVE-2024-9466.