CVE-2024-9467

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Published: Oct 9, 2024 / Updated: 41d ago

CVSS: 7 / EPSS: 0.04% / Severity: High

Summary

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link. This vulnerability affects Palo Alto Networks Expedition versions 1.2.0 up to, but not including, 1.2.96.

Impact

This vulnerability could allow attackers to conduct phishing attacks that may lead to Expedition browser session theft. The impact is primarily on the confidentiality and integrity of user data, with potential for attackers to gain unauthorized access to sensitive information or perform actions on behalf of the authenticated user. The CVSS v3.1 base score is 6.1 (Medium severity), while the CVSS v4.0 base score is 7.0 (High severity), indicating a significant risk.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation in the wild at the moment.

Patch

A patch is available. Palo Alto Networks has released security updates to address this vulnerability. The patch details can be found at https://security.paloaltonetworks.com/PAN-SA-2024-0010.

Mitigation

1. Update Palo Alto Networks Expedition to version 1.2.96 or later as soon as possible.
2. Implement strong input validation and output encoding practices to prevent XSS attacks.
3. Educate users about the risks of clicking on untrusted links, especially those received through email or other messaging platforms.
4. Consider implementing Content Security Policy (CSP) headers to mitigate the risk of XSS attacks.
5. Regularly monitor and audit the Expedition application for any suspicious activities or unauthorized access attempts.
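Mitigation items 2 and 4 above (output encoding and a CSP header) are easier to review with a concrete before/after. The Python below is an added example written for this page; it is not Expedition's code and does not reproduce the advisory's actual vulnerable page. It assumes a hypothetical `/search?q=` endpoint that echoes the query back, which is the generic shape of a reflected XSS (CWE-79). The URL, the parameter name and the CSP value are all constructed for illustration. The `X-Content-Type-Options: nosniff` header is included because the page's listed attack pattern (CAPEC-209) relies on MIME type mismatch.

```python
import html
import secrets
from urllib.parse import parse_qs, urlsplit

# Constructed sample request (not taken from the advisory): the query string
# carries HTML markup, the kind of input a reflected XSS would abuse.
EXAMPLE_URL = "https://expedition.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"

# Hypothetical policy: no 'unsafe-inline', so an inline <script> that slipped
# past encoding would still not run; only scripts carrying the per-response
# nonce (or same-origin script files) are allowed.
CSP_TEMPLATE = (
    "default-src 'self'; "
    "script-src 'self' 'nonce-{nonce}'; "
    "object-src 'none'; base-uri 'none'; frame-ancestors 'none'"
)


def query_param(url, name):
    """Return the first value of a query parameter, URL-decoded, or ''."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get(name, [""])[0]


def render_vulnerable(url):
    """The CWE-79 pattern: the raw parameter is interpolated into HTML."""
    q = query_param(url, "q")
    return f"<p>Results for: {q}</p>"


def render_hardened(url, nonce=None):
    """Output encoding for the HTML body context, plus defensive headers.

    Returns (headers, body). `nonce` is injectable for testing; a real
    response generates a fresh one per request.
    """
    nonce = nonce or secrets.token_urlsafe(16)
    q = query_param(url, "q")
    # html.escape with quote=True encodes < > & " ' so the value is rendered
    # as text. Attribute and JavaScript contexts need their own encoding;
    # this function only covers element-body text.
    body = f"<p>Results for: {html.escape(q, quote=True)}</p>"
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": CSP_TEMPLATE.format(nonce=nonce),
        # Stops browsers from sniffing a non-HTML response into HTML (CAPEC-209).
        "X-Content-Type-Options": "nosniff",
    }
    return headers, body


def reflects_markup(body, param_value):
    """Reviewer check: does a rendered page contain the raw input verbatim,
    including its angle brackets? True means the value was not encoded."""
    return "<" in param_value and param_value in body


if __name__ == "__main__":
    probe = query_param(EXAMPLE_URL, "q")
    print("vulnerable reflects markup:", reflects_markup(render_vulnerable(EXAMPLE_URL), probe))
    headers, body = render_hardened(EXAMPLE_URL)
    print("hardened reflects markup:  ", reflects_markup(body, probe))
    print(headers["Content-Security-Policy"])
    print(body)
```

Encoding must match the output context: `html.escape` is correct for text between tags, while a value placed inside an attribute or a `<script>` block needs attribute or JavaScript-string encoding respectively. The CSP is a second layer, not a substitute for encoding; the nonce must be unpredictable and unique per response, and any existing inline scripts in the application must carry it or the policy will break the page.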

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Amber

Timeline

CVE Assignment

NVD published the first details for CVE-2024-9467

Oct 9, 2024 at 5:15 PM
CVSS

A CVSS base score of 7 has been assigned.

Oct 9, 2024 at 5:20 PM / nvd
First Article

Feedly found the first article mentioning CVE-2024-9467.

Oct 9, 2024 at 5:24 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 9, 2024 at 5:24 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 10, 2024 at 10:30 AM
Threat Intelligence Report

CVE-2024-9467 is a reflected XSS vulnerability with a CVSS score of 7.0, allowing for the execution of malicious JavaScript, which could lead to phishing attacks or session theft. The details provided do not specify whether it is being exploited in the wild, nor do they mention any proof-of-concept exploits, mitigations, detections, or patches available. Additionally, there is no information regarding potential downstream impacts to other third-party vendors or technology.

Oct 10, 2024 at 10:50 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (731836)

Oct 11, 2024 at 7:53 AM
CVSS

A CVSS base score of 6.1 has been assigned.

Oct 15, 2024 at 3:10 PM / nvd
Static CVE Timeline Graph

Affected Systems

Paloaltonetworks/expedition

Patches

security.paloaltonetworks.com

Attack Patterns

CAPEC-209: XSS Using MIME Type Mismatch

References

CVE ID
Device details : PAN-PA-5060 / Palo Alto There are 6 CVEs in the advisory. DESCRIPTION: CVE-2024-9463: CVSS: 9.9 CVE-2024-9464: CVSS: 9.3 CVE-2024-9465: CVSS: 9.2 CVE-2024-9466:
PAN-SA-2024-0010 Expedition: Multiple Vulnerabilities in Expedition Lead to Exposure of Firewall Credentials (Severity: CRITICAL)
CVE-2024-9464 9.3 ( CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N ) An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. CVE CVSS Summary CVE-2024-9463 9.9 ( CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N ) An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
Palo Alto Networks Expedition Multiple Vulnerabilities (CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, & CVE-2024-9467)
This SQL injection vulnerability allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. Successful exploitation may allow attackers to access sensitive data, such as user credentials, to help take over firewall admin accounts.

News

Palo Alto Networks Expedition Multiple Vulnerabilities (CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, CVE-2024-9467)
Description: Allows an unauthenticated attacker to execute OS commands as root, exposing sensitive data such as usernames, cleartext passwords, device configurations, and API keys of PAN-OS firewalls Description: Allows an authenticated user to execute OS commands as root, potentially leading to unauthorized data access and exposure of credentials
U.S. CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog | #ransomware | #cybercrime
CVE-2024-9463 (CVSS 9.9) – A command injection vulnerability in Palo Alto Networks’ Expedition allows unauthenticated attackers to execute OS commands as root, exposing usernames, passwords, configurations, and API keys of PAN-OS firewalls. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following Palo Alto Networks Expedition vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog :
U.S. CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog
CVE-2024-9463 (CVSS 9.9) – A command injection vulnerability in Palo Alto Networks’ Expedition allows unauthenticated attackers to execute OS commands as root, exposing usernames, passwords, configurations, and API keys of PAN-OS firewalls. CVE-2024-9466 (CVSS 8.2) – A vulnerability in Palo Alto Networks Expedition allows authenticated attackers to access sensitive information, revealing firewall usernames, passwords, and API keys stored in cleartext.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability Impact: None
