CVE-2024-9465 Vulnerability Details

  /     /     /  

CVE-2024-9465 Metadata Quick Info

CVE Published: 09/10/2024 | CVE Updated: 14/11/2024 | CVE Year: 2024
Source: palo_alto | Vendor: Palo Alto Networks | Product: Expedition
Status : PUBLISHED

CVE-2024-9465 Description

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-89
CWE Name: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ( SQL Injection )
Source: Palo Alto Networks

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-108
CAPEC Description: CAPEC-108 Command Line Execution through SQL Injection


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2024-9465 Vulnerability Details