PT-2024-6884 · Palo Alto Networks · Palo Alto Networks Expedition

Hacks_Zach +1 · Published 2024-10-09 · Updated 2024-11-16 · CVE-2024-9466

CVSS v4.0: 8.2 (High)

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber

Name of the Vulnerable Software and Affected Versions

Palo Alto Networks Expedition (affected versions not specified)

Description

The issue is related to the cleartext storage of sensitive information in Palo Alto Networks Expedition, allowing an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. This can be exploited by a remote attacker to obtain encrypted user credentials. The vulnerability involves a flaw in the storage of sensitive information, potentially through registration files or logs.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Insertion into Log File

Cleartext Storage of Sensitive Information

Weakness Enumeration

Related Identifiers

BDU:2024-08107
CVE-2024-9466

Affected Products

Palo Alto Networks Expedition