Palo Alto Networks Expedition

Do you want an email whenever new security vulnerabilities are reported in Palo Alto Networks Expedition?

By the Year

In 2024 there have been 5 vulnerabilities in Palo Alto Networks Expedition with an average score of 7.1 out of ten. Expedition did not have any published security vulnerabilities last year. That is, 5 more vulnerabilities have already been reported in 2024 as compared to last year.

Year	Vulnerabilities	Average Score
2024	5	7.14
2023	0	0.00
2022	0	0.00
2021	0	0.00
2020	0	0.00
2019	3	4.80
2018	2	8.65

It may take a day or so for new Expedition vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Palo Alto Networks Expedition Security Vulnerabilities

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if

CVE-2024-9467 6.1 - Medium - October 09, 2024

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.

XSS

A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition

CVE-2024-9466 6.5 - Medium - October 09, 2024

A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.

Cleartext Storage of Sensitive Information

An SQL injection vulnerability in Palo Alto Networks Expedition

CVE-2024-9465 9.1 - Critical - October 09, 2024

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.

SQL Injection

An OS command injection vulnerability in Palo Alto Networks Expedition

CVE-2024-9464 6.5 - Medium - October 09, 2024

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

Shell injection

An OS command injection vulnerability in Palo Alto Networks Expedition

CVE-2024-9463 7.5 - High - October 09, 2024

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

Shell injection

The Expedition Migration tool 1.1.8 and earlier may

CVE-2019-1571 4.8 - Medium - March 26, 2019

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings.

XSS

The Expedition Migration tool 1.1.8 and earlier may

CVE-2019-1569 4.8 - Medium - March 26, 2019

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user.

XSS

The Expedition Migration tool 1.1.8 and earlier may

CVE-2019-1570 4.8 - Medium - March 26, 2019

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings.

XSS

The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may

CVE-2018-10143 9.8 - Critical - December 12, 2018

The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application.

Improper Privilege Management

The Expedition Migration tool 1.0.106 and earlier may

CVE-2018-10142 7.5 - High - November 27, 2018

The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system.

Information Disclosure

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Palo Alto Networks Expedition or by Palo Alto Networks? Click the Watch button to subscribe.

Palo Alto Networks
Vendor

Palo Alto Networks Expedition
Product

Palo Alto Networks Expedition

By the Year

Recent Palo Alto Networks Expedition Security Vulnerabilities

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if CVE-2024-9467 6.1 - Medium - October 09, 2024

A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition CVE-2024-9466 6.5 - Medium - October 09, 2024

An SQL injection vulnerability in Palo Alto Networks Expedition CVE-2024-9465 9.1 - Critical - October 09, 2024

An OS command injection vulnerability in Palo Alto Networks Expedition CVE-2024-9464 6.5 - Medium - October 09, 2024

An OS command injection vulnerability in Palo Alto Networks Expedition CVE-2024-9463 7.5 - High - October 09, 2024

The Expedition Migration tool 1.1.8 and earlier may CVE-2019-1571 4.8 - Medium - March 26, 2019

The Expedition Migration tool 1.1.8 and earlier may CVE-2019-1569 4.8 - Medium - March 26, 2019

The Expedition Migration tool 1.1.8 and earlier may CVE-2019-1570 4.8 - Medium - March 26, 2019

The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may CVE-2018-10143 9.8 - Critical - December 12, 2018

The Expedition Migration tool 1.0.106 and earlier may CVE-2018-10142 7.5 - High - November 27, 2018