CVE-2024-9466

MEDIUM

Paloaltonetworks Expedition < 1.2.96 - Log Information Exposure

Title source: rule

Description

A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.

Exploits (1)

nomisec SCANNER 1 stars

by holypryx · poc

https://github.com/holypryx/CVE-2024-9466

View Code ZIP pw:eip

References (2)

[Mitigation, Vendor Advisory] https://security.paloaltonetworks.com/PAN-SA-2024-0010

[Various Sources] https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/

Scores

CVSS v3 6.5

EPSS 0.2012

EPSS Percentile 95.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-532 CWE-312

Status published

Products (1)

paloaltonetworks/expedition 1.2.0 - 1.2.96

Published Oct 09, 2024

Tracked Since Feb 18, 2026