CVE-2024-9466

A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.
Configurations

Configuration 1 (hide)

cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*

History

17 Oct 2024, 06:15

Type Values Removed Values Added
References
  • () https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/ -

15 Oct 2024, 15:08

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
First Time Paloaltonetworks
Paloaltonetworks expedition
CWE CWE-312
CPE cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*
References () https://security.paloaltonetworks.com/PAN-SA-2024-0010 - () https://security.paloaltonetworks.com/PAN-SA-2024-0010 - Mitigation, Vendor Advisory

10 Oct 2024, 12:51

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de almacenamiento de texto plano de información confidencial en Palo Alto Networks Expedition permite a un atacante autenticado revelar nombres de usuario, contraseñas y claves API del firewall generadas con esas credenciales.

09 Oct 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-09 17:15

Updated : 2024-10-17 06:15


NVD link : CVE-2024-9466

Mitre link : CVE-2024-9466

CVE.ORG link : CVE-2024-9466


JSON object : View

Products Affected

paloaltonetworks

  • expedition
CWE
CWE-312

Cleartext Storage of Sensitive Information

CWE-532

Insertion of Sensitive Information into Log File