A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.
References
Link | Resource |
---|---|
https://security.paloaltonetworks.com/PAN-SA-2024-0010 | Mitigation Vendor Advisory |
https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/ |
Configurations
History
17 Oct 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Oct 2024, 15:08
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Paloaltonetworks
Paloaltonetworks expedition |
|
CWE | CWE-312 | |
CPE | cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:* | |
References | () https://security.paloaltonetworks.com/PAN-SA-2024-0010 - Mitigation, Vendor Advisory |
10 Oct 2024, 12:51
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
09 Oct 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-09 17:15
Updated : 2024-10-17 06:15
NVD link : CVE-2024-9466
Mitre link : CVE-2024-9466
CVE.ORG link : CVE-2024-9466
JSON object : View
Products Affected
paloaltonetworks
- expedition