CVE-2024-9463 CRITICAL

CVE-2024-9463: Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure

Vendor Palo Alto Networks

Product Expedition

Weakness CWE-78

KEV Status Known Exploited

Published October 9, 2024

Last update October 21, 2025

View on NVD All CVEs

CVSS base score

9.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber

What the vulnerability does

01Description

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

CISA mandated remediation

02CISA Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Key dates

03Disclosure timeline

October 9, 2024 CVE published

October 21, 2025 Record updated

External resources

04References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-9463 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html CISA KEV Reference https://security.paloaltonetworks.com/PAN-SA-2024-0010 CISA KEV Reference https://nvd.nist.gov/vuln/detail/CVE-2024-9463

Related vulnerabilities

CVE-2024-9463: Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure

01Description

02CISA Required Action

03Disclosure timeline

04References

05Related CVE