H3-2024-0042
Palo Alto Expedition Authenticated Sensitive Information Leak Vulnerability
| Category | VULNERABILITY |
| Base Score | 8.2 |
Description
This vulnerability was reported as a 0-day and has since been assigned CVE-2024-9466. The Palo Alto Expedition server verbosely logs web requests from device integration to a world-readable file on the filesystem, and that file includes cleartext credentials and API keys.
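A defender can check a host for the two conditions described above, a log file readable by every local user that also holds credential-like fields. The following is an added example, not code from the advisory or from Palo Alto; the field names in the pattern, the file names, and the sample log line are assumptions constructed for illustration, since the page does not give the log path or format.

```python
import os
import re
import stat
import tempfile

# Assumed credential-like field names; the advisory does not document
# the actual log format, so adjust this pattern to the logs you audit.
CRED_RE = re.compile(
    r'(?i)\b(password|passwd|api[_-]?key|token|secret)\b'
    r'(["\']?\s*[=:]\s*["\']?)([^\s"\'&,;]+)'
)

def redact(line):
    """Replace the value of each credential-like field with a marker."""
    return CRED_RE.sub(lambda m: m.group(1) + m.group(2) + "<redacted>", line)

def audit_logs(root):
    """Return {path: [(line_no, redacted_line)]} for world-readable regular
    files under root that contain credential-like fields."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            # Only regular files whose "other" read bit is set are exposed.
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_IROTH:
                continue
            with open(path, "r", errors="replace") as fh:
                hits = [(no, redact(line.rstrip("\n")))
                        for no, line in enumerate(fh, 1) if CRED_RE.search(line)]
            if hits:
                findings[path] = hits
    return findings

def demo():
    """Constructed sample: one exposed log and one restricted log."""
    sample = ("2024-01-01 00:00:00 request host=fw.example.test "
              "user=admin password=Examp1e! api_key=CONSTRUCTED123\n")
    with tempfile.TemporaryDirectory() as d:
        for fname, mode in (("integration.log", 0o644), ("restricted.log", 0o600)):
            path = os.path.join(d, fname)
            with open(path, "w") as fh:
                fh.write("GET /status\n" + sample)
            os.chmod(path, mode)
        return {os.path.basename(p): v for p, v in audit_logs(d).items()}

if __name__ == "__main__":
    for name, hits in demo().items():
        for no, line in hits:
            print(f"{name}:{no}: {line}")
```

Findings are reported with the values redacted so the audit output does not itself become a second copy of the secrets.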
Impact
An attacker who abuses this vulnerability is able to retrieve cleartext credentials for integrated systems and pivot to those systems.