¡¾Â©¶´Í¨¸æ¡¿Palo Alto Networks ExpeditionÃüÁî×¢È멶´£¨CVE-2024-9463£©

Ðû²¼Ê±¼ä 2024-11-15


Ò»¡¢Â©¶´¸ÅÊö

©¶´Ãû³Æ

   Palo Alto Networks ExpeditionÃüÁî×¢È멶´

CVE   ID

CVE-2024-9463

©¶´ÀàÐÍ

ÃüÁî×¢Èë

·¢ÏÖʱ¼ä

2024-10-11

©¶´ÆÀ·Ö

9.9

©¶´Æ·¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

ÀûÓÃÄѶÈ

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

ÒѹûÈ»

ÔÚÒ°ÀûÓÃ

ÒÑ·¢ÏÖ

 

Palo Alto Networks ExpeditionÊÇPalo Alto NetworksÌṩµÄÒ»¿îǨÒƹ¤¾ß £¬Ö¼ÔÚ×ÊÖúÍøÂçÄþ¾²ÍŶӽøÐзÀ»ðǽ¹æÔòµÄǨÒÆ¡¢ÓÅ»¯ºÍ¹ÜÀí¡£ËüÖ÷ÒªÓÃÓÚ¼ò»¯´Ó¾É·À»ðǽÉ豸£¨Èç˼¿Æ¡¢Check Point¡¢FortinetµÈ£©Ç¨ÒƵ½Palo Alto Networks·À»ðǽµÄ¹ý³Ì £¬¶øÇÒ¿ÉÒÔ×ÊÖúÓû§ÔÚǨÒƹý³ÌÖÐÇåÀíºÍÓÅ»¯·À»ðǽ¹æÔò¡£

11ÔÂ15ÈÕ £¬¶¶È¦Îª¶Ä¶øÉú¼¯ÍÅVSRC¼à²âµ½¹¥»÷ÕßÕýÔÚ»ý¼«ÀûÓÃPalo Alto Networks ExpeditionǨÒƹ¤¾ßÖеÄÃüÁî×¢È멶´£¨CVE-2024-9463£©ºÍSQL×¢È멶´£¨CVE-2024-9465£© £¬ÏêÇéÈçÏ£º

CVE-2024-9463£ºPalo Alto Networks ExpeditionÃüÁî×¢È멶´

Palo Alto Networks ExpeditionÊÜÓ°Ïì°æ±¾ÖÐconvertCSVtoParquet ½Ó¿Ú´æÔÚÃüÁî×¢È멶´ £¬ÆäCVSSÆÀ·ÖΪ9.9 £¬ÀÖ³ÉÀûÓø鶴¿ÉÄܵ¼ÖÂδ¾­Éí·ÝÑéÖ¤µÄ¹¥»÷ÕßÔÚExpeditionÖÐÒÔroot Éí·ÝÔËÐÐÈÎÒâϵͳÃüÁî £¬´Ó¶øµ¼Ö PAN-OS ·À»ðǽµÄÓû§Ãû¡¢Ã÷ÎÄÃÜÂë¡¢É豸ÅäÖúÍÉ豸APIÃÜԿй¶¡£Ä¿Ç°¸Ã©¶´µÄPoCÒѹûÈ» £¬ÇÒÒÑ·¢ÏÖ±»ÀûÓá£

CVE-2024-9465£ºPalo Alto Networks Expedition SQL×¢È멶´

Palo Alto Networks ExpeditionÊÜÓ°Ïì°æ±¾ÖдæÔÚSQL ×¢È멶´ £¬ÆäCVSSÆÀ·ÖΪ9.2 £¬ÀÖ³ÉÀûÓø鶴¿ÉÄܵ¼ÖÂδ¾­Éí·ÝÑéÖ¤µÄ¹¥»÷Õß»ñÈ¡Expedition Êý¾Ý¿âÄÚÈÝ £¬ÀýÈçÃÜÂë¹þÏ£¡¢Óû§Ãû¡¢É豸ÅäÖúÍÉ豸 API ÃÜÔ¿µÈ £¬²¢¿ÉÔÚExpeditionϵͳÉÏ´´½¨ºÍ¶ÁÈ¡ÈÎÒâÎļþ¡£Ä¿Ç°¸Ã©¶´µÄ¼¼Êõϸ½Ú¼°PoCÒѹûÈ»Åû¶ £¬ÇÒÒÑ·¢ÏÖ±»ÀûÓá£

´ËÍâ £¬Palo Alto Networks ExpeditionÖл¹´æÔÚÁíÒ»¸öÃüÁî×¢È멶´£¨CVE-2024-9464 £¬CVSSÆÀ·Ö9.3£© £¬¾­¹ýÉí·ÝÑéÖ¤µÄ¹¥»÷Õß¿ÉÀûÓø鶴ÔÚExpeditionÖÐÒÔroot Éí·ÝÔËÐÐÈÎÒâϵͳÃüÁÒÔ¼°Palo Alto Networks ExpeditionÃ÷ÎÄ´æ´¢Ãô¸ÐÐÅϢ©¶´£¨CVE-2024-9466 £¬CVSSÆÀ·Ö8.2£© £¬ÔÊÐí¾­¹ýÉí·ÝÑéÖ¤µÄ¹¥»÷Õß»ñȡʹÓÃÕâЩƾ¾ÝÉú³ÉµÄ·À»ðǽÓû§Ãû¡¢ÃÜÂëºÍ API ÃÜÔ¿£»ºÍPalo Alto Networks Expedition¿çÕ¾½Å±¾Â©¶´£¨CVE-2024-9467 £¬CVSSÆÀ·Ö7.0£© £¬¹¥»÷Õß¿ÉÒÔÓÕµ¼ÒÑÈÏÖ¤µÄExpeditionÓû§µã»÷¶ñÒâÁ´½Ó £¬´Ó¶ø´¥·¢·´ÉäÐÍXSS©¶´ £¬µ¼Ö¶ñÒâJavaScriptÔÚÓû§µÄä¯ÀÀÆ÷ÉÏÏÂÎÄÖÐÖ´ÐÐ £¬Õâ¿ÉÄÜÒý·¢µöÓã¹¥»÷ £¬½ø¶øµ¼ÖÂExpeditionä¯ÀÀÆ÷»á»°±»µÁ¡£

 

¶þ¡¢Ó°Ï췶Χ

Palo Alto Networks Expedition < 1.2.96

 

Èý¡¢Äþ¾²´ëÊ©

3.1 Éý¼¶°æ±¾

Ä¿Ç°ÕâЩ©¶´ÒѾ­ÐÞ¸´ £¬ÊÜÓ°ÏìÓû§¿ÉÉý¼¶µ½ÒÔÏ°汾£º

Palo Alto Networks Expedition >= 1.2.96

ÏÂÔØÁ´½Ó£º

https://live.paloaltonetworks.com/t5/expedition/ct-p/migration_tool

3.2 ÁÙʱ´ëÊ©

È·±£¶ÔExpeditionµÄÍøÂç·ÃÎʽöÏÞÓÚÊÚȨÓû§¡¢Ö÷»ú»òÍøÂç¡£

Èç¹ûδÖ÷¶¯Ê¹ÓÃExpedition £¬ÇëÈ·±£ExpeditionÈí¼þÒѹرÕ¡£

3.3 ͨÓý¨Òé

l  ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡ £¬¼õÉÙϵͳ©¶´ £¬ÌáÉý·þÎñÆ÷µÄÄþ¾²ÐÔ¡£

l  ¼ÓǿϵͳºÍÍøÂçµÄ·ÃÎÊ¿ØÖÆ £¬Ð޸ķÀ»ðǽ¼Æı £¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻò·þÎñ £¬¼õÉÙ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø £¬¼õÉÙ¹¥»÷Ãæ¡£

l  ʹÓÃÆóÒµ¼¶Äþ¾²²úÎï £¬ÌáÉýÆóÒµµÄÍøÂçÄþ¾²ÐÔÄÜ¡£

l  ¼ÓǿϵͳÓû§ºÍȨÏÞ¹ÜÀí £¬ÆôÓöàÒòËØÈÏÖ¤»úÖƺÍ×îСȨÏÞÔ­Ôò £¬Óû§ºÍÈí¼þȨÏÞÓ¦±£³ÖÔÚ×îµÍÏ޶ȡ£

l  ÆôÓÃÇ¿ÃÜÂë¼Æı²¢ÉèÖÃΪ¶¨ÆÚÐ޸ġ£

3.4 ²Î¿¼Á´½Ó

https://security.paloaltonetworks.com/PAN-SA-2024-0010

https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise

https://www.cisa.gov/news-events/alerts/2024/11/14/cisa-adds-two-known-exploited-vulnerabilities-catalog

https://nvd.nist.gov/vuln/detail/CVE-2024-9463

 

ËÄ¡¢°æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

±¸×¢

V1.0

2024-11-15

Ê×´ÎÐû²¼

 

  

Îå¡¢¸½Â¼

5.1 ¶¶È¦Îª¶Ä¶øÉú¼ò½é

¶¶È¦Îª¶Ä¶øÉú½¨Á¢ÓÚ1996Äê £¬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ´´½¨µÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢Äþ¾²¸ß¿Æ¼¼ÆóÒµ¡£ÊǹúÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢Äþ¾²²úÎï¡¢Äþ¾²·þÎñ½â¾ö·½°¸µÄÁ캽ÆóÒµÖ®Ò»¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°¶¶È¦Îª¶Ä¶øÉú´óÏà £¬¹«Ë¾Ô±¹¤6000ÓàÈË £¬Ñз¢ÍŶÓ1200ÓàÈË, ¼¼Êõ·þÎñÍŶÓ1300ÓàÈË¡£ÔÚÈ«¹ú¸÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö £¬ÓµÓÐÁýÕÖÈ«¹úµÄÏúÊÛÌåϵ¡¢ÇþµÀÌåϵºÍ¼¼ÊõÖ§³ÖÌåϵ¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉîÛÚÖÐС°å¹ÒÅÆÉÏÊС££¨¹ÉƱ´úÂ룺002439£©

¶àÄêÀ´ £¬¶¶È¦Îª¶Ä¶øÉúÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷´´ÐµÄÄþ¾²²úÎïºÍ×î¼Ñʵ¼ù·þÎñ £¬×ÊÖú¿Í»§È«ÃæÌáÉýÆäIT»ù´¡ÉèÊ©µÄÄþ¾²ÐÔºÍÉú²úЧÄÜ £¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Äþ¾²¹¤ÒµÁì¾üÆ·Åƶø²»Ð¸Å¬Á¦¡£

5.2 ¹ØÓÚ¶¶È¦Îª¶Ä¶øÉú

¶¶È¦Îª¶Ä¶øÉúÄþ¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÒÑÐû²¼1000¶à¸ö©¶´Í¨¸æºÍ·çÏÕÔ¤¾¯ £¬ÎÒÃǽ«Á¬Ðø¸ú×ÙÈ«Çò×îеÄÍøÂçÄþ¾²Ê¼þºÍ©¶´ £¬ÎªÆóÒµµÄÐÅÏ¢Äþ¾²±£¼Ý»¤º½¡£

¹Ø×¢ÎÒÃÇ£º

image.png