Critical vulnerabilities in Palo Alto Expedition: everything you need to know
Palo Alto Networks' Expedition tool has been found to contain multiple critical vulnerabilities: OS command injection (CVE-2024-9463 and CVE-2024-9464), SQL injection (CVE-2024-9465), cleartext storage of sensitive information (CVE-2024-9466), and cross-site scripting (XSS) (CVE-2024-9467). The vulnerabilities carry CVSS scores as high as 9.9 and can lead to unauthorized access, credential theft, and administrative takeover. Expedition is used for migrating configurations to Palo Alto Networks systems and is not widely present in cloud environments.

Security teams are advised to upgrade to Expedition version 1.2.96 or later, restrict network access to the tool, rotate credentials, monitor logs for signs of unauthorized activity, and disable unused instances of the software. Additional recommendations include inspecting access logs for HTTP requests targeting the vulnerable endpoints and checking the Expedition database for suspicious entries.

CVEs: CVE-2024-5910, CVE-2024-9463, CVE-2024-9466, CVE-2024-9467, CVE-2024-9465, CVE-2024-9464

[View Article](https://www.wiz.io/blog/palo-alto-networks-expedition-critical-vulnerabilities-advisory)