Main Vulnerability Database Vulnerabilities #VU98386

Cleartext storage of sensitive information in Expedition - CVE-2024-9466

Published: October 11, 2024 / Updated: October 22, 2024

Vulnerability identifier: #VU98386

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2024-9466

CWE-ID: CWE-312

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vendor: Palo Alto Networks, Inc.

Affected software:
Expedition

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to firewall usernames, passwords, and API keys generated using those credentials are stored in plain text on the system. A local user can obtain credentials of other users.

How to mitigate CVE-2024-9466

Install updates from vendor's website.

Sources

https://security.paloaltonetworks.com/PAN-SA-2024-0010

Cleartext storage of sensitive information in Expedition - CVE-2024-9466

Detailed vulnerability description

How to mitigate CVE-2024-9466

Sources

Please verify you're human