Horizon3: Palo Alto Expedition: From N-Day to Full Compromise
References:
- CVE-2024-5910 (CVSSv4: 9.3 critical, disclosed 10 July 2024 by Palo Alto Networks) Expedition: Missing Authentication Leads to Admin Account Takeover
- CVE-2024-9464 Expedition: Authenticated Command Injection
- CVE-2024-9465 Expedition: Unauthenticated SQL Injection
- CVE-2024-9466 Expedition: Cleartext Credentials in Logs
Daaaaaaaamn @hacks_zach, Zach Hanley at it again with the Palo Alto Networks vulnerabilities. While trying to find CVE-2024-5910 in Expedition (a tool for migrating configuration from a supported vendor to Palo Alto Networks PAN-OS), he found CVE-2024-9464, CVE-2024-9465 and CVE-2024-9466. It appears that CVE-2024-9465 (unauthenticated SQL injection) leads to leaking credentials via the "users" and "devices" tables, which contain password hashes and device API keys. This is CVE-2024-9466.