漏洞描述
Palo Alto Networks Expedition是一种由美国Palo Alto Networks公司开发的工具,旨在帮助用户进行配置迁移、调优和丰富功能。Palo Alto Networks Expedition 1.2.92 以下版本的 convertCSVtoParquet 接口存在远程命令执行漏洞。未经身份验证的攻击者可以利用该漏洞以 root 身份运行任意操作系统命令,从而获取系统权限并造成严重的安全风险。
Palo Alto Networks Expedition /API/convertCSVtoParquet.php 命令执行漏洞(CVE-2024-9463)
PoC代码
暂无相关漏洞推荐
- (CVE-2025-4617)Palo Alto Networks Prisma Browser截图控制绕过漏洞
- (CVE-2025-4618)Palo Alto Networks Prisma Browser敏感信息泄露漏洞
- CVE-2023-20888: VMware Aria Operations for Networks - Remote Code Execution
- PaloAlto-Expedition OS命令注入漏洞 (CVE-2025-0107)
- POC CVE-2018-10141: Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting
- POC CVE-2020-2036: Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting
- POC CVE-2023-20888: VMware Aria Operations for Networks - Remote Code Execution
- POC CVE-2023-20889: VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability
- POC CVE-2024-5910: Palo Alto Expedition - Admin Account Takeover
- POC CVE-2024-9463: PaloAlto Networks Expedition - Remote Code Execution
- POC CVE-2024-9465: Palo Alto Expedition - SQL Injection
- POC CVE-2025-0107: Palo Alto Networks Expedition - OS Command Injection
- POC limit-networkaccess-disabled: Limit Network Access to Selected Networks - Disabled