October 2024 - Palo Alto Networks Vulnerabilities
CVE-2024-9473: Privilege Escalation Vulnerability in GlobalProtect Application
A privilege escalation vulnerability exists in Palo Alto Networks GlobalProtect application on Windows, allowing a locally authenticated non-administrative Windows user to escalate privileges to the NT AUTHORITY/SYSTEM level. This can be achieved via the repair function of the .msi file used during the installation of GlobalProtect.
- Release Date: October 9, 2024
- CVSS Score: 7.8 HIGH
- Description: This vulnerability enables a low-privileged user to gain full control of the system, posing a significant risk to system security.
CVE-2024-9465: SQL Injection Vulnerability in Expedition
A SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to expose contents of the Expedition database. Attackers can retrieve password hashes, usernames, device configurations, and device API keys. Additionally, they can create and read arbitrary files in the Expedition system.
- Release Date: October 9, 2024
- CVSS Score: 9.1 CRITICAL
- Description: SQL injection vulnerabilities pose serious threats to database security. This vulnerability allows attackers to access and manage the database, compromising the integrity of the system.
CVE-2024-9463: OS Command Injection Vulnerability in Expedition
An OS command injection vulnerability exists in Palo Alto Networks Expedition, enabling an unauthenticated attacker to execute arbitrary OS commands with root privileges in Expedition. This could lead to exposure of usernames, plaintext passwords, device configurations, and device API keys related to PAN-OS firewalls.
- Release Date: October 9, 2024
- CVSS Score: 7.5 HIGH
- Description: OS command injection allows attackers to perform high-privilege operations on the system, creating critical vulnerabilities in network security.