CVE-2024-9465

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Expedition (affected versions not specified)

Description: The issue is related to an SQL injection vulnerability in Palo Alto Networks Expedition. This vulnerability allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system. The estimated number of potentially affected devices worldwide is not specified. However, there are reports of real-world incidents where this issue was exploited.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the vulnerable SQL injection endpoint to minimize the risk of exploitation. Avoid using vulnerable parameters or variables in the affected API endpoint until the issue is resolved. Additionally, monitor the system for any suspicious activity and consider implementing additional security measures to prevent exploitation.