CVE-2024-9465 CRITICAL

CVE-2024-9465: Expedition: SQL Injection Leads to Firewall Admin Credential Disclosure

Vendor Palo Alto Networks

Product Expedition

Weakness CWE-89 · SQLi

KEV Status Known Exploited

Published October 9, 2024

Last update October 21, 2025

View on NVD All CVEs

CVSS base score

9.2/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber

What the vulnerability does

01Description

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.

CISA mandated remediation

02CISA Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Key dates

03Disclosure timeline

October 9, 2024 CVE published

October 21, 2025 Record updated

External resources

04References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-9465 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html CISA KEV Reference https://security.paloaltonetworks.com/PAN-SA-2024-0010 CISA KEV Reference https://nvd.nist.gov/vuln/detail/CVE-2024-9465

Related vulnerabilities

CVE-2024-9465: Expedition: SQL Injection Leads to Firewall Admin Credential Disclosure

01Description

02CISA Required Action

03Disclosure timeline

04References

05Related CVE