loading

138454 author: screaminggoat@infosec.exchange 27 Dec 04:00
tags: #activeexploitation #christmas #cve #cve_2024_3393 #eitw #paloaltonetworks #vulnerability #zeroday

Merry fucking Christmas from Palo Alto Networks (Zero-Day): CVE-2024-3393 PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet
CVE-2024-3393 (CVSSv4: 8.7 high) A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

Palo Alto Networks is aware of customers experiencing this denial of service (DoS) when their firewall blocks malicious DNS packets that trigger this issue.

76247 author: screaminggoat@infosec.exchange 09 Oct 2024 16:55
tags: #cve #expedition #paloaltonetworks #vulnerability

Palo Alto Networks security advisory: PAN-SA-2024-0010 Expedition: Multiple Vulnerabilities Lead to Firewall Admin Account Takeover
See parent toot above for Horizon3 vulnerability details.

CVE-2024-9463 (9.9 critical) Palo Alto Networks Expedition OS command injection vulnerability
CVE-2024-9464 (9.3 critical) Palo Alto Networks Expedition OS command injection vulnerability
CVE-2024-9465 (9.2 critical) Palo Alto Networks Expedition SQL injection vulnerability
CVE-2024-9466 (8.2 high) Palo Alto Networks Expedition cleartext storage of sensitive information vulnerability
CVE-2024-9467 (7.0 high) Palo Alto Networks Expedition reflected XSS vulnerability

Palo Alto Networks is not aware of any malicious exploitation of these issues.

76246 author: screaminggoat@infosec.exchange 09 Oct 2024 16:51
tags: #cve #expedition #paloaltonetworks #vulnerability #vulnerabilityanalysis
to: https://infosec.exchange/users/hacks_zach

Horizon3: Palo Alto Expedition: From N-Day to Full Compromise
References:

CVE-2024-5910 (CVSSv4: 9.3 critical, disclosed 10 July 2024 by Palo Alto Networks) Expedition: Missing Authentication Leads to Admin Account Takeover
CVE-2024-9464 Expedition: Authenticated Command Injection
CVE-2024-9465 Expedition: Unauthenticated SQL Injection
CVE-2024-9466 Expedition: Cleartext Credentials in Logs

Daaaaaaaamn @hacks_zach, Zach Hanley at it again with the Palo Alto Networks vulnerabilities. In trying to find CVE2-2024-5910 in Expedition (a configuration migration tool from a supported vendor to Palo Alto Networks PAN-OS), he found CVE-2024-9464, CVE-2024-9465 and CVE-2024-9466. It appears that CVE-2024-9465 (unauth SQL injection) leads to leaking credentials via "users" and "devices" tables which contain password hashes and device API keys. This is the CVE-2024-9466.