—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple vulnerabilities in Palo Alto Networks 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

Palo Alto Networks Expedition  Prior to 1.2.96

Overview

Multiple vulnerabilities in Palo Alto Networks Expedition could allow an attacker to access sensitive data and manipulate files on the system. An attacker could exploit these vulnerabilities to read Expedition database and arbitrary files, as well as write arbitrary files to temporary storage locations on the Expedition system such as usernames, plaintext passwords, device configurations, and API keys for PAN-OS firewalls.

Target Audience:

Large enterprises, Managed Security Service Providers, Telecoms and ISPs, Cloud Providers and Industries with complex or highly regulated IT environments.

Risk Assessment:

Critical risks on confidentiality, integrity, and availability of the systems.

Impact Assessment:

Unauthorized access to sensitive information, compromise of integrity and confidentiality.

Description

1. Command Injection Vulnerability ( CVE-2024-9463   CVE-2024-9464   )

These vulnerabilities exist in Palo Alto Networks Expedition due to OS command injection vulnerability. An attacker could exploit these vulnerabilities to run arbitrary OS commands as root resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

Successfully exploitation these vulnerabilities could allow a remote attacker to execute arbitrary commands on the target system.

2. SQL Injection Vulnerability ( CVE-2024-9465   CVE-2024-9466   )

These vulnerabilities exist in Palo Alto Networks Expedition which could allow a remote attacker to send specially crafted SQL statements, to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With these, attackers can also create and read arbitrary files on the Expedition system.

3. Cross-Site Script Vulnerability ( CVE-2024-9467   )

This vulnerability exists in Palo Alto Networks Expedition which could allow a attacker to execution of malicious JavaScript in the context of an authenticated Expedition users browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.

Solution

Apply appropriate security updates as mentioned in:

https://security.paloaltonetworks.com/PAN-SA-2024-0010

Vendor Information

Palo Alto Networks

https://security.paloaltonetworks.com/PAN-SA-2024-0010

References

Palo Alto Networks

https://security.paloaltonetworks.com/PAN-SA-2024-0010

CVE Name

CVE-2024-9463

CVE-2024-9464

CVE-2024-9465

CVE-2024-9466

CVE-2024-9467

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmkEriIACgkQ3jCgcSdc

ys9zEQ//SQrktJBvY5rEiLL9BkiiWqt1gs3mArEsKJKkmG4p+Mgl7IQ3GQOVaoH2

TMjrdUstTwJlaNXZligMWPhWUxICUi0Uh4Q9Lx1sYj26c9G0LQKoenlovcievFfh

QNGSH9SYLf7cQo5eFpAedn6A/NzQGqBev/qYTmili9mcEBNPSs4Lij8eXSKkX+YQ

Yzx5GOIvAD8J+G+ixjDFbSXgzlo9rQTUNuWal+dlhBI9cDUtNQBxgaYYIcW3GFfB

X9JPgKg7c9UoNVZ9arAN9Mx1r3BwzbLxynO9E+fJP86AThaqktBQc0EMi3AuTecE

QOLElpMEEZMT0JtkLuMIUpxGB4fDdD90Eku/d/y7i05JM6hmrmnSHTnlk0UMuQeR

UE3SOgH3qmHK/AK2oFjgNL0ITsG7rXU/qCW44qHwidkWZAi9GLbfvL2w2Ob9Bk9g

vh4CdbvEMLEkiRaDhUVP9eJaz2EkefmqwogCifU18t/mmA30lQFpA57o3vHdWT2/

fbl1rPfsalxbnSKvZGo8WiCvD+PWDpBa3WiqFwMKcu3z7GnbGFD6lOhK1cNCM7NS

S2v3cDzNxsB0MkK6tqLJU8+xWqVR07rp+6d5ykTOhEFms4WCsz5fb1mBShekJLRq

DkuJ7mKRsxoN96fVimUTpsduujF+sI5V2HXdqcc7JA3TtpoOx6Q=

=7qiU

—–END PGP SIGNATURE—–