CVE-2024-9463
Palo Alto Networks Expedition OS Command Injection Vulnerability
⚠ KEV | EPSS 94.2%
Description
Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
How to fix CVE-2024-9463
No package mapping is available — consult the references below for vendor-specific guidance.
Is CVE-2024-9463 being exploited?
Yes — CVE-2024-9463 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (0)
No package mapping in OSV.