7 matches found

Vulnrichment
added 2024/10/09 5:4 p.m., 19 views

CVE-2024-9466 Expedition: Cleartext Storage of Information Leads to Firewall Admin Credential Disclosure

A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials...

8.2 CVSS, 6.1 AI score, 0.20116 EPSS
Exploits 1, References 2

Cvelist
added 2024/10/09 5:3 p.m., 32 views

CVE-2024-9464 Expedition: Authenticated OS Command Injection Vulnerability Leads to Firewall Admin Credential Disclosure

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...

9.3 CVSS, 0.85308 EPSS
Exploits 5, References 2

Cvelist
added 2024/10/09 5:3 p.m., 53 views

CVE-2024-9463 Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...

9.9 CVSS, 0.94199 EPSS
Exploits 0, References 1

Vulnrichment
added 2024/10/09 5:3 p.m., 60 views

CVE-2024-9463 Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...

9.9 CVSS, 7.5 AI score, 0.94199 EPSS
Exploits 0, References 1

NVD
added 2024/03/14 4:15 a.m., 6 views

CVE-2024-22397

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code...

8.3 CVSS, 6.8 AI score, 0.00233 EPSS
Exploits 0, References 1

Prion
added 2024/03/14 4:15 a.m., 10 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code...

7.4 AI score, 0.00233 EPSS
Exploits 0, References 1

CVE
added 2024/03/14 3:23 a.m., 51 views

CVE-2024-22397

This CVE affects SonicOS SSLVPN Portal (SonicWall) and is a Stored Cross-Site Scripting flaw. Root cause: improper neutralization of input during web page generation. Impact: an authenticated remote attacker with firewall admin privileges can store and execute arbitrary JavaScript in the context ...

8.3 CVSS, 7 AI score, 0.00233 EPSS
Exploits 0, References 1