CVE-2024-9466
EUVD-2024-4995809.10.2024, 17:15
A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | expedition | 1.2.0 ≤ 𝑥 < 1.2.96 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| paloaltonetworks | expedition | 1.2.0 ≤ 𝑥 < 1.2.96 | ADP |
Common Weakness Enumeration
- CWE-532 - Insertion of Sensitive Information into Log FileInformation written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
- CWE-312 - Cleartext Storage of Sensitive InformationThe product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.