Question 1

What is CVE-2024-9463 — Palo Alto Networks Expedition OS Command Injection Vulnerability?

Accepted Answer

Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

Question 2

What is the authoritative source for CVE-2024-9463?

Accepted Answer

Palo Alto Networks Expedition OS Command Injection Vulnerability (CVE-2024-9463) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVE-2024-9463Palo Alto Networks Expedition OS Command Injection Vulnerability

Description

Scoring

CISA KEV entry

(incoming)1

Related by meaning· 6