CVE-2024-9465
PUBLISHED
KEV
A vulnerability exists in PaloAlto Networks Expedition due to insufficient sanitization, which leads to SQL injection. A remote, anonymous attacker can exploit this vulnerability to manipulate the system, create or read arbitrary files, and disclose confidential information such as password hashes, usernames, and configurations.
Risk Scores
EPSS Score: 94.29% (99.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PaloAlto Networks | PaloAlto Networks Expedition | <1.2.96 |
Exploit Intelligence
- Checkpoint SQL Injection via Time-Based Attack (CVE-2024-9465) (github-poc)
- Checkpoint SQL Injection via Time-Based Attack (CVE-2024-9465) (github-poc)
- Checkpoint SQL Injection via Time-Based Attack (CVE-2024-9465) (github-poc)
- Checkpoint SQL Injection via Time-Based Attack (CVE-2024-9465) (github-poc)
- Checkpoint SQL Injection via Time-Based Attack (CVE-2024-9465) (github-poc)
- Checkpoint SQL Injection via Time-Based Attack (CVE-2024-9465) (github-poc)
- Checkpoint SQL Injection via Time-Based Attack (CVE-2024-9465) (github-poc)
- Proof of Concept Exploit for CVE-2024-9465 (github-poc)
- Proof of Concept Exploit for CVE-2024-9465 (github-poc)
- Proof of Concept Exploit for CVE-2024-9465 (github-poc)
…and 51 more exploits
Timeline
- Oct 9, 2024 CVE Published
- Oct 10, 2024 PoC Published
- Oct 10, 2024 EPSS Score
- Oct 14, 2024 Coalition ESS Score
- Oct 16, 2024 EPSS Score
- Oct 17, 2024 Coalition ESS Score
- Oct 17, 2024 Coalition ESS Score
- Oct 18, 2024 EPSS Score
- Oct 29, 2024 EPSS Score
- Nov 14, 2024 CISA KEV Added
- Nov 14, 2024 Coalition ESS Score
- Nov 15, 2024 Coalition ESS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3146.json (advisory)
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3146 (advisory)
- https://security.paloaltonetworks.com/PAN-SA-2024-0010 (advisory)
- https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/ (advisory)
- https://github.com/horizon3ai/CVE-2024-9465 (advisory)
- https://github.com/horizon3ai/CVE-2024-9464 (advisory)