Summary
Palo Alto Networks has released security updates to address multiple vulnerabilities. In particular, for 5 of these vulnerabilities, which affect the Palo Alto Networks Expedition solution, a Proof of Concept (PoC) is available that could allow them to be chained in order to take control of the administration accounts of firewall products.
Note: a Proof of Concept (PoC) for the exploitation of the vulnerabilities CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, CVE-2024-9467 is available online.
Note (updated 11/15/2024): the vendor states that CVE-2024-9463 and CVE-2024-9465 are being actively exploited in the wild.
Risk
Estimate of impact of vulnerability on the reference community: SERIOUS/RED (79.35/100)¹.
Type
- Arbitrary Code Execution
- Data Manipulation
- Denial of Service
- Information Disclosure
- Information Leakage
- Security Restrictions Bypass
Affected Products and Versions
Palo Alto Networks Expedition, versions prior to 1.2.96
PAN-OS
- 11.1, versions prior to 11.1.3
- 11.0.4.x, versions prior to 11.0.4-h5
- 11.0.6.x, versions prior to 11.0.6
- 10.2.9.x, versions prior to 10.2.9-h11
- 10.2.10.x, versions prior to 10.2.10-h4
- 10.2.11.x, versions prior to 10.2.11
Mitigation Actions
In line with vendor statements, it is recommended to promptly update the vulnerable products to the latest available version and perform the post-update actions recommended in the security bulletin, available in the References section.
Unique Vulnerability Identifiers
The following are the CVEs for the “Critical” and “High” severity vulnerabilities only:
References
https://security.paloaltonetworks.com/CVE-2024-9468
https://security.paloaltonetworks.com/PAN-SA-2024-0010
¹ This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.