CVE-2024-9466 HIGH

CVE-2024-9466: Expedition: Cleartext Storage of Information Leads to Firewall Admin Credential Disclosure

Vendor Palo Alto Networks
Product Expedition
Weakness CWE-532 · Sensitive info in logs
Published October 9, 2024
Last update September 4, 2025

CVSS base score

8.2/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber

What the vulnerability does

01Description

A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.

Key dates

02Disclosure timeline

October 9, 2024 CVE published
September 4, 2025 Record updated

Related vulnerabilities

04Related CVE