CVE-2024-9463

HIGH KEV NUCLEI

Palo Alto Networks Expedition 1.2.0-1.2.95 - Unauthenticated OS Command Injection

Title source: llm

Exploitation Summary

CVE-2024-9463 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 14, 2024. EIP tracks 1 public exploit from researchers including momo1239. A Nuclei detection template is also available.

AI-analyzed exploit summary This PoC exploits a command injection vulnerability in an unspecified software's CSV-to-Parquet conversion endpoint to achieve remote code execution (RCE) via a reverse shell. It uses a crafted HTTP request to trigger payload execution and includes a local HTTP server to serve the malicious script.

Description

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

Exploits (1)

nomisec WORKING POC 1 stars

by momo1239 · remote

https://github.com/momo1239/CVE-2024-9463-Proof-of-Concept

View Code ZIP pw:eip

This PoC exploits a command injection vulnerability in an unspecified software's CSV-to-Parquet conversion endpoint to achieve remote code execution (RCE) via a reverse shell. It uses a crafted HTTP request to trigger payload execution and includes a local HTTP server to serve the malicious script.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Unspecified (endpoint: /API/convertCSVtoParquet.php)

No auth needed

Prerequisites: Attacker-controlled HTTP server · Netcat or similar listener · Network access to target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1090 - Proxy

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

PaloAlto Networks Expedition - Remote Code Execution

CRITICALVERIFIEDby princechaddha

Shodan: http.favicon.hash:1499876150

References (2)

Core 2

Core References

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9463

Mitigation, Vendor Advisory vendor-advisory

https://security.paloaltonetworks.com/PAN-SA-2024-0010

Scores

CVSS v3 7.5

EPSS 0.9420

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2024-11-14

VulnCheck KEV 2024-10-15

InTheWild.io 2024-11-14

ENISA EUVD EUVD-2024-49955

CWE

CWE-78

Status published

Products (1)

paloaltonetworks/expedition 1.2.0 - 1.2.96

Published Oct 09, 2024

KEV Added Nov 14, 2024

Tracked Since Feb 18, 2026