CVSSv3: 6.5

CVE-2024-9466

Published: 09/10/2024 Updated: 17/10/2024

Vulnerability Summary

Cleartext Vulnerability in Palo Alto Networks Reveals Sensitive Data

Palo Alto Networks Expedition stores sensitive information in cleartext. This issue lets an authenticated attacker reveal firewall usernames, passwords, and API keys generated using those credentials.

Vulnerable Product

paloaltonetworks expedition

Vendor Advisories

Check Point Reference: CPAI-2024-0952 Date Published: 10 Oct 2024 Severity: High ...

GitHub Repositories

CVE-2024-9466 poc

CVE-2024-9466 Proof of Concept (PoC). Description: This script checks for the CVE-2024-9466 vulnerability by appending /home/userSpace/devices/debugtxt to a list of target URLs or IP addresses. It determines if the target is vulnerable based on the HTTP response status code and whether the request is redirected. Setup: Ensure that a targetstxt file exists in the sa

Recent Articles

Palo Alto Networks warns of firewall hijack bugs with public exploit
BleepingComputer • Sergiu Gatlan • 09 Oct 2024

Palo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls. The flaws were found in Palo Alto Networks' Expedition solution, which helps migrate configurations from other Checkpoint, Cisco, or supported vendors. They can be exploited to access sensitive data, such as user credentia...