#VU98386 Cleartext storage of sensitive information in Expedition - CVE-2024-9466
Published: October 11, 2024 / Updated: October 22, 2024
Vulnerability identifier: #VU98386
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2024-9466
CWE-ID: CWE-312
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Expedition
Software vendor:
Palo Alto Networks, Inc.
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists because firewall usernames, passwords, and the API keys generated using those credentials are stored in plain text on the system. A local user can obtain the credentials of other users.
Remediation
Install updates from the vendor's website.