Lucene search
+L

213 matches found

CNNVD
CNNVD
added 2025/01/11 12:0 a.m.6 views

Palo Alto Networks Expedition 安全漏洞

Palo Alto Networks Expedition is a tool from Palo Alto Networks, Inc. that helps with configuration migration, tuning, and enrichment. A security vulnerability exists in Palo Alto Networks Expedition. An attacker exploiting this vulnerability could gain access to Expedition database contents such...

9.2CVSS9.1AI score0.00606EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/01/09 5:29 p.m.31 views

Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers

Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an authenticated attacker could exploit to access sensitive data. "Multiple vulnerabilities in the Palo Alto Networks Expedition migration tool...

9.2CVSS10AI score0.98545EPSS
Exploits5
Positive Technologies
Positive Technologies
added 2025/01/08 12:0 a.m.5 views

PT-2025-1080

Name of the Vulnerable Software and Affected Versions Palo Alto Networks Expedition affected versions not specified Description A reflected cross-site scripting XSS vulnerability in Palo Alto Networks Expedition allows attackers to execute malicious JavaScript code in the context of an...

7CVSS7.6AI score0.0035EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/01/08 12:0 a.m.12 views

PT-2025-1074

Name of the Vulnerable Software and Affected Versions Palo Alto Networks Expedition affected versions not specified Description The issue is related to an arbitrary file deletion vulnerability in Palo Alto Networks Expedition. This vulnerability allows an unauthenticated attacker to delete...

9.1CVSS7.6AI score0.12955EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/01/08 12:0 a.m.12 views

PT-2025-1076

Name of the Vulnerable Software and Affected Versions Palo Alto Networks Expedition versions 1.2.101 and earlier Description An OS command injection issue exists in Palo Alto Networks Expedition. This allows an unauthenticated attacker to execute arbitrary OS commands as the www-data user...

9.8CVSS7.8AI score0.77653EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2025/01/08 12:0 a.m.9 views

PT-2025-1075

Name of the Vulnerable Software and Affected Versions Palo Alto Networks Expedition affected versions not specified Description The issue is related to a wildcard expansion vulnerability in Palo Alto Networks Expedition. This vulnerability allows an unauthenticated attacker to enumerate files on...

6.9CVSS5.9AI score0.00474EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/01/08 12:0 a.m.6 views

PT-2025-1007

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Expedition affected versions not specified Description: A SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes,...

9.2CVSS7.6AI score0.00606EPSS
Exploits0References15
GithubExploit
GithubExploit
added 2024/12/03 12:16 p.m.307 views

Exploit for SQL Injection in Paloaltonetworks Expedition

CVE-2024-9465: Unauthenticated SQL Injection Vulnerability in...

9.2CVSS7.4AI score0.99609EPSS
Exploits3
Rapid7 Blog
Rapid7 Blog
added 2024/11/15 8:37 p.m.34 views

Metasploit Weekly Wrap-Up: 11/15/2024

Palo Alto Expedition RCE module This week's release includes an exploit module for the Palo Alto Expedition exploit chain that's been making headlines recently. The first vulnerability, CVE-2024-5910, allows attackers to reset the password of the admin user. The second vulnerability, CVE-2024-946...

9.3CVSS8.6AI score0.91783EPSS
Exploits14
0day.today
0day.today
added 2024/11/14 12:0 a.m.222 views

Palo Alto Expedition 1.2.91 Remote Code Execution Exploit

This Metasploit module lets you obtain remote code execution in Palo Alto Expedition versions 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows to reset the password of the admin user, and the second vulnerability, CVE-2024-9464, is an authenticated OS command injection. In a defau...

9.3CVSS8.6AI score0.91783EPSS
Exploits14
CISA KEV Catalog
CISA KEV Catalog
added 2024/11/14 12:0 a.m.17 views

Palo Alto Networks Expedition OS Command Injection Vulnerability

Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...

9.9CVSS7.7AI score0.9846EPSS
In wildExploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/11/14 12:0 a.m.27 views

Palo Alto Networks Expedition SQL Injection Vulnerability

Palo Alto Networks Expedition contains a SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the...

9.2CVSS8AI score0.99609EPSS
In wildExploits3
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.20 views

Palo Alto Expedition 1.2.x < 1.2.92 (CVE-2024-5910)

The version of Palo Alto Expedition installed on the remote host is prior to 1.2.92. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-5910 advisory. - Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account...

9.8CVSS8.7AI score0.91783EPSS
Exploits9References2
Metasploit
Metasploit
added 2024/11/13 6:55 p.m.355 views

Palo Alto Expedition Remote Code Execution (CVE-2024-5910 and CVE-2024-9464)

Obtain remote code execution in Palo Alto Expedition version 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows to reset the password of the admin user, and the second vulnerability, CVE-2024-9464, is an authenticated OS command injection. In a default installation, commands will ge...

9.8CVSS8.8AI score0.91783EPSS
Exploits9
Packet Storm
Packet Storm
added 2024/11/13 12:0 a.m.317 views

Palo Alto Expedition 1.2.91 Remote Code Execution

class MetasploitModule 'Palo Alto Expedition Remote Code Execution CVE-2024-5910 and CVE-2024-9464', 'Description' = %q Obtain remote code execution in Palo Alto Expedition version 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows to reset the password of the admin user, and the...

9.8CVSS7.4AI score0.91783EPSS
Exploits14
Packet Storm
Packet Storm
added 2024/11/13 12:0 a.m.486 views

Palo Alto Expedition 1.2.91 Remote Code Execution

class MetasploitModule 'Palo Alto Expedition Remote Code Execution CVE-2024-5910 and CVE-2024-9464', 'Description' = %q Obtain remote code execution in Palo Alto Expedition version 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows to reset the password of the admin user, and the...

9.8CVSS7.3AI score0.91783EPSS
Exploits14
HackRead
HackRead
added 2024/11/11 12:3 p.m.9 views

CISA Urges Patching of Critical Palo Alto Networks’ Expedition Tool Vulnerability

A critical security vulnerability in Palo Alto Networks' Expedition tool is being actively exploited by hackers. CISA urges…...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2024/11/08 5:17 a.m.50 views

CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-5910 CVS...

10CVSS8.4AI score0.91783EPSS
Exploits16
VulnCheck KEV
VulnCheck KEV
added 2024/11/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-5910

Palo Alto Networks Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data...

9.8CVSS7.3AI score0.91783EPSS
Exploits9References1
CISA KEV Catalog
CISA KEV Catalog
added 2024/11/07 12:0 a.m.51 views

Palo Alto Networks Expedition Missing Authentication Vulnerability

Palo Alto Networks Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data...

9.8CVSS9.6AI score0.91783EPSS
In wildExploits9
Rows per page
Query Builder