Horizon3: Palo Alto Expedition: From N-Day to Full Compromise References: ...

Not Simon the Goat /

npub1cet…clln

2024-10-09 16:51:28

Horizon3: Palo Alto Expedition: From N-Day to Full Compromise
References:

CVE-2024-5910 (CVSSv4: 9.3 critical, disclosed 10 July 2024 by Palo Alto Networks) Expedition: Missing Authentication Leads to Admin Account Takeover
CVE-2024-9464 Expedition: Authenticated Command Injection
CVE-2024-9465 Expedition: Unauthenticated SQL Injection
CVE-2024-9466 Expedition: Cleartext Credentials in Logs

Daaaaaaaamn npub1t5hgzdl3ydvfvv4asfeam0syskvsxndczhv5lmtr0urg79laj0yq48hhlw (npub1t5h…hhlw), Zach Hanley at it again with the Palo Alto Networks vulnerabilities. In trying to find CVE2-2024-5910 in Expedition (a configuration migration tool from a supported vendor to Palo Alto Networks PAN-OS), he found CVE-2024-9464, CVE-2024-9465 and CVE-2024-9466. It appears that CVE-2024-9465 (unauth SQL injection) leads to leaking credentials via "users" and "devices" tables which contain password hashes and device API keys. This is the CVE-2024-9466.

#paloaltonetworks #expedition #vulnerability #CVE #vulnerabilityanalysis

Author Public Key

npub1cetfz9z5qtn3lly58p3t4hmxxqhy0vml22z5g8rve3vjesg5gzxs6mclln

Seen on

wss://relay.nostr.band

Show more details

Published at

2024-10-09 16:51:28

Kind type

1 Short Text Note

Event JSON

{ "id": "7ea0be21b2395dd6a44f54f37a7e64d3b874f1509ca3c79e59b716b65bd0c03c", "pubkey": "c65691145402e71ffc943862badf66302e47b37f5285441c6ccc592cc114408d", "created_at": 1728492688, "kind": 1, "tags": [ [ "p", "5d2e8137f123589632bd8273ddbe048599034db815d94fed637f068f17fd93c8", "wss://relay.mostr.pub" ], [ "p", "5f9724e4491255651279b2d79058ef6da08e5d5f16b9549d8869922bd66a5a53", "wss://relay.mostr.pub" ], [ "t", "paloaltonetworks" ], [ "t", "expedition" ], [ "t", "vulnerability" ], [ "t", "cve" ], [ "t", "vulnerabilityanalysis" ], [ "proxy", "https://infosec.exchange/users/screaminggoat/statuses/113278496839094188", "activitypub" ] ], "content": "Horizon3: Palo Alto Expedition: From N-Day to Full Compromise\nReferences: \n\nCVE-2024-5910 (CVSSv4: 9.3 critical, disclosed 10 July 2024 by Palo Alto Networks) Expedition: Missing Authentication Leads to Admin Account Takeover\nCVE-2024-9464 Expedition: Authenticated Command Injection\nCVE-2024-9465 Expedition: Unauthenticated SQL Injection\nCVE-2024-9466 Expedition: Cleartext Credentials in Logs\n\nDaaaaaaaamn nostr:npub1t5hgzdl3ydvfvv4asfeam0syskvsxndczhv5lmtr0urg79laj0yq48hhlw, Zach Hanley at it again with the Palo Alto Networks vulnerabilities. In trying to find CVE2-2024-5910 in Expedition (a configuration migration tool from a supported vendor to Palo Alto Networks PAN-OS), he found CVE-2024-9464, CVE-2024-9465 and CVE-2024-9466. It appears that CVE-2024-9465 (unauth SQL injection) leads to leaking credentials via \"users\" and \"devices\" tables which contain password hashes and device API keys. This is the CVE-2024-9466.\n\n#paloaltonetworks #expedition #vulnerability #CVE #vulnerabilityanalysis", "sig": "fb50dce7c0661efd3fc034013507939b52879e3317a2b5321aec27fa8f87f31fe1355402cd8f8280d97cefdfebc72cc0899dc268029041ce0ab3720256d2595f" }