H3-2024-0040¶

Palo Alto Expedition Authenticated Command Injection Vulnerability

Description¶

This vulnerability was reported as a 0-day and now assigned CVE-2024-9464. The Palo Alto Expedition server exposes a PHP endpoint which fails to validate inputs, allowing any user to execute arbitrary commands on a vulnerable server.

Impact¶

An attacker who abuses this vulnerability is able take remote control of the server and is able to retrieve sensitive information such as device configurations and API keys.

References¶

• Horizon3.ai: Palo Alto Expedition: From N-Day to Full Compromise
• Palo Alto Advisory
• NVD: CVE-2024-9464