CVE-2024-9465
CRITICAL | KEV | NUCLEI
Paloaltonetworks Expedition < 1.2.96 - SQL Injection
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.
Exploits (5)
Nuclei Templates (1)
Palo Alto Expedition - SQL Injection
HIGH | VERIFIED | by DhiyaneshDK
Shodan: http.favicon.hash:1499876150
References (3)
Scores
CVSS v3: 9.1
EPSS: 0.9429
EPSS Percentile: 99.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CISA KEV: 2024-11-14
VulnCheck KEV: 2024-11-12
InTheWild.io: 2024-11-14
ENISA EUVD: EUVD-2024-49957
CWE: CWE-89
Status: published
Products (1)
paloaltonetworks/expedition: 1.2.0 - 1.2.96
Published: Oct 09, 2024
KEV Added: Nov 14, 2024
Tracked Since: Feb 18, 2026