Last updated at Fri, 15 Nov 2024 21:25:28 GMT

Palo Alto Expedition RCE module

This week's release includes an exploit module for the Palo Alto Expedition exploit chain that's been making headlines recently. The first vulnerability, CVE-2024-5910, allows attackers to reset the password of the admin user. The second vulnerability, CVE-2024-9464 is an authenticated OS command injection. The module makes use of both vulnerabilities in order to obtain unauthenticated RCE in the context of the user www-data.

New module content (1)

Palo Alto Expedition Remote Code Execution (CVE-2024-5910 and CVE-2024-9464)

Authors: Brian Hysell, Enrique Castillo, Michael Heinzl, and Zach Hanley
Type: Exploit
Pull request: #19557 contributed by h4x-x0r
Path: linux/http/paloalto_expedition_rce
AttackerKB reference: CVE-2024-24809

Description: Adds a module to chain CVE-2024-5910, a password reset vulnerability with CVE-2024-9464, an authenticated command-injection vulnerability to gain code execution on PaloAlto Expedition servers between versions after 1.2 and before 1.2.92 with or without knowledge of the credentials.

Bugs fixed (3)

  • #19610 from cgranleese-r7 - Fixes the bruteforce summary table to correctly output the identified credentials as part of the smb_login module. This functionality is behind the features set show_successful_logins true command.
  • #19617 from sjanusz-r7 - Fixes a crash when running against a shell session which does not echo the executed commands.
  • #19623 from adfoster-r7 - This fixes a bug in the logic that fetches stored Kerberos tickets.

Documentation added (2)

  • #19369 from Adithya2357 - This improves the clarity and organization of the Metasploit Framework's README documentation. It restructures content into distinct categories, updates installation instructions, enhances usage guidance, and provides a detailed contributing section.
  • #19635 from adfoster-r7 - Update the Kerberos enumusers module description to include a note about ASREPRoast attacks.

You can always find more documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro

NEVER MISS AN EMERGING THREAT

Be the first to learn about the latest vulnerabilities and cybersecurity news.