19 matches found
VulnCheck KEV: CVE-2025-0107
An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls...
CVE-2025-0104
A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browser if that authenticated user clicks a malicious link that allows phishing attacks and could lead to...
CVE-2025-0107
An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls...
CVE-2025-0107
CVE-2025-0107 – Palo Alto Networks Expedition OS command injection. The connected templates confirm an OS command injection in Palo Alto Networks Expedition that allows an unauthenticated attacker to execute arbitrary OS commands as the www-data user, leading to disclosure of usernames, cleartex...
CVE-2025-0107 Expedition: OS Command Injection Vulnerability
An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls...
CVE-2025-0107 Expedition: OS Command Injection Vulnerability
An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls...
CVE-2025-0105 Expedition: Arbitrary File Deletion Vulnerability
An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem...
Palo Alto Networks Expedition Security Vulnerability
Palo Alto Networks Expedition is a tool from Palo Alto Networks, Inc. that helps with configuration migration, tuning, and enrichment. A security vulnerability exists in Palo Alto Networks Expedition. An attacker could exploit the vulnerability to delete arbitrary files on the host's file system...
Palo Alto Networks Expedition Security Vulnerability
Palo Alto Networks Expedition is a tool from Palo Alto Networks, Inc. that helps with configuration migration, tuning, and enrichment. A security vulnerability exists in Palo Alto Networks Expedition. An attacker exploiting the vulnerability could enumerate files on the host's file system...
Palo Alto Networks Expedition Security Vulnerability
Palo Alto Networks Expedition is a network security appliance used to provide firewall, intrusion detection, and prevention. The Palo Alto Networks Expedition suffers from a command injection vulnerability that can be exploited by an attacker to run arbitrary operating system commands, which can...
PT-2025-1076
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Expedition versions 1.2.101 and earlier Description: An OS command injection issue exists in Palo Alto Networks Expedition. This allows an unauthenticated attacker to execute arbitrary OS commands as the www-data user...
PT-2025-1074
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Expedition affected versions not specified Description: The issue is related to an arbitrary file deletion vulnerability in Palo Alto Networks Expedition. This vulnerability allows an unauthenticated attacker to delete...
PT-2025-1007
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Expedition affected versions not specified Description: A SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes,...
Palo Alto Expedition 1.2.x < 1.2.92 (CVE-2024-5910)
The version of Palo Alto Expedition installed on the remote host is prior to 1.2.92. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-5910 advisory. - Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account...
VulnCheck KEV: CVE-2024-5910
Palo Alto Networks Expedition contains a missing authentication vulnerability that allows an attacker with network access to take over an Expedition admin account and potentially access configuration secrets, credentials, and other data...
PT-2024-39651 · Palo Alto Networks · Palo Alto Networks Expedition
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Expedition affected versions not specified Description: An OS command injection issue allows an unauthenticated attacker to run arbitrary OS commands as root. Recommendations: At the moment, there is no information about a...
CVE-2024-9464
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...
PT-2024-6883 · Palo Alto Networks · Palo Alto Networks Expedition
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Expedition affected versions not specified Description: An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition. This result...
PT-2024-5656 · Palo Alto Networks · Palo Alto Networks Expedition
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Expedition versions prior to 1.2.92 Description: The vulnerability is related to a missing authentication mechanism for a critical function in Palo Alto Networks Expedition, allowing an attacker with network access to take...