CVE-2024-9465

UNKNOWN 0.0

⚠️ CISA KEV

Expedition: SQL Injection Leads to Firewall Admin Credential Disclosure

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.

CWE	CWE-89
Vendor	palo alto networks
Product	expedition
Published	Oct 9, 2024
Last Updated	Oct 21, 2025

⚠️ Actively Exploited — Act Now

Get instant alerts for palo alto networks expedition

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2024-9465.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Palo Alto Networks / Expedition

1.2.0 < 1.2.96

References

NVD ↗ CVE.org ↗ EPSS Data ↗

security.paloaltonetworks.com: https://security.paloaltonetworks.com/PAN-SA-2024-0010 horizon3.ai: https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/ cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9465

Credits

Zach Hanley (@hacks_zach) of Horizon3.ai Enrique Castillo of Palo Alto Networks