Palo Alto Networks Product Security Update Advisory
Overview
Palo Alto Networks has released security updates to fix vulnerabilities in its products. Users of affected systems are advised to update to the latest version.
Affected Products
CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, CVE-2024-9467
- Expedition versions: earlier than 1.2.96 (1.2.96 excluded)
Resolved Vulnerabilities
OS Command Injection Vulnerability in Expedition by Palo Alto Networks (CVE-2024-9463)
OS Command Injection Vulnerability in Expedition by Palo Alto Networks (CVE-2024-9464)
SQL Injection Vulnerability in Expedition by Palo Alto Networks (CVE-2024-9465)
Sensitive Information Disclosure Vulnerability in Expedition by Palo Alto Networks (CVE-2024-9466)
Reflected XSS Vulnerability in Expedition by Palo Alto Networks (CVE-2024-9467)
Vulnerability Patches
The following product-specific vulnerability patches have been made available with the latest update. If you are using an affected version, please follow the instructions on the referenced sites to update to the latest patched version.
CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, CVE-2024-9467
- Expedition version: 1.2.96 or later
References
[1] PAN-SA-2024-0010 Expedition: Multiple Vulnerabilities in Expedition Lead to Exposure of Firewall Credentials
https://security.paloaltonetworks.com/PAN-SA-2024-0010
[2] CVE-2024-9463 Detail
[3] CVE-2024-9464 Detail
[4] CVE-2024-9465 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-9465
[5] CVE-2024-9466 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-9466
[6] CVE-2024-9467 Detail