VDB
CVE-2024-9466
CVE-2024-9466
PUBLISHED
Es besteht eine Schwachstelle in PaloAlto Networks Expedition da vertrauliche Informationen im Klartext gespeichert werden. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Firewall-Benutzernamen, Passwörter und API-Schlüssel, die mit diesen Anmeldeinformationen erstellt wurden, offenzulegen.
EPSS 20.12% · 95.6th percentile
Risk Scores
EPSS Score
20.12%
95.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PaloAlto Networks | PaloAlto Networks Expedition <1.2.96 |
Exploit Intelligence
- CVE-2024-9466 poc (github-poc)
- CVE-2024-9466 poc (github-poc)
- CVE-2024-9466 poc (github-poc)
- CVE-2024-9466 poc (github-poc)
- CVE-2024-9466 poc (github-poc)
- CVE-2024-9466 poc (github-poc)
- https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/ (cve.org)
Timeline
- Oct 9, 2024 CVE Published
- Oct 10, 2024 EPSS Score
- Oct 14, 2024 Coalition ESS Score
- Oct 17, 2024 Coalition ESS Score
- Oct 17, 2024 Coalition ESS Score
- Nov 7, 2024 Coalition ESS Score
- Nov 8, 2024 Coalition ESS Score
- Nov 17, 2024 EPSS Score
- Dec 6, 2024 EPSS Score
- Jan 13, 2025 EPSS Score
- Feb 1, 2025 EPSS Score
- Mar 11, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3146.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3146 advisory
- https://security.paloaltonetworks.com/PAN-SA-2024-0010 advisory
- https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/ advisory
- https://github.com/horizon3ai/CVE-2024-9465 advisory
- https://github.com/horizon3ai/CVE-2024-9464 advisory