Palo Alto Expedition RCE module
This week's release includes an exploit module for the Palo Alto Expedition exploit chain that's been making headlines recently. The first vulnerability, CVE-2024-5910, allows attackers to reset the password of the admin user. The second vulnerability, CVE-2024-9464, is an authenticated OS command injection. The module uses both vulnerabilities to obtain unauthenticated RCE in the context of the user www-data.
New module content (1)
Palo Alto Expedition Remote Code Execution (CVE-2024-5910 and CVE-2024-9464)
Authors: Brian Hysell, Enrique Castillo, Michael Heinzl, and Zach Hanley
Type: Exploit
Pull request: #19557 contributed by h4x-x0r
Path: linux/http/paloalto_expedition_rce
AttackerKB reference: CVE-2024-24809
Description: Adds a module that chains CVE-2024-5910, a password reset vulnerability, with CVE-2024-9464, an authenticated command injection vulnerability, to gain code execution on Palo Alto Expedition servers running versions after 1.2 and before 1.2.92, with or without knowledge of the credentials.
Bugs fixed (3)
#19610 from cgranleese-r7 - Fixes the bruteforce summary table to correctly output the identified credentials as part of the smb_login module. This functionality is behind the features set show_successful_logins true command.
#19617 from sjanusz-r7 - Fixes a crash when running against a shell session which does not echo the executed commands.
#19623 from adfoster-r7