Critical Command Injection and SQL Injection Vulnerabilities in Palo Alto Networks Expedition

ISGroup Cybersecurity

The vulnerabilities were discovered by Zach Hanley, a researcher at Horizon3.ai, who reported them to Palo Alto Networks. The Expedition tool, a community-supported solution, assists users in migrating configurations from other vendors to the Palo Alto environment, helping to enforce security policies based on user and application IDs. A successful exploit could allow attackers to take control of firewall administration accounts or abuse access to PAN-OS devices. The flaws have CVSS scores of 9.9 (CVE-2024-9463) and 9.2 (CVE-2024-9465), underscoring the high risk they pose. Although there are currently no reports of active exploitation, the severity of the vulnerabilities requires immediate attention.

ProductExpedition Project
Date2024-10-14 10:03:02
Information
  • Trending
  • Fix Available

Technical Summary

The vulnerabilities were discovered by Zach Hanley, a researcher at Horizon3.ai, who reported them to Palo Alto Networks. The Expedition tool, a community-supported solution, assists users in migrating configurations from other vendors to the Palo Alto environment, helping to enforce security policies based on user and application IDs. A successful exploit could allow attackers to take control of firewall administration accounts or abuse access to PAN-OS devices. The flaws have CVSS scores of 9.9 (CVE-2024-9463) and 9.2 (CVE-2024-9465), underscoring the high risk they pose. Although there are currently no reports of active exploitation, the severity of the vulnerabilities requires immediate attention.

Recommendations

  • Immediately update Palo Alto Networks Expedition to the latest patched version.
  • Rotate all exposed API keys for PAN-OS firewalls.
  • Reset and secure all passwords and API keys associated with PAN-OS devices.
  • Review and restrict network access to the Expedition tool, allowing it only from trusted IP addresses.

[Callforaction-THREAT-Footer]