Palo Alto Networks Expedition: Authentication Bypass Allows Admin Takeover
CVE-2024-5910 Published on July 10, 2024
Expedition: Missing Authentication Leads to Admin Account Takeover
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.
Note: Expedition is a tool that aids configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition are at risk because of this issue.
Known Exploited Vulnerability
This Palo Alto Expedition Missing Authentication Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Palo Alto Expedition contains a missing authentication vulnerability that allows an attacker with network access to take over an Expedition admin account and potentially access configuration secrets, credentials, and other data.
The following remediation is required by November 28, 2024: apply mitigations per vendor instructions, or discontinue use of the product if mitigations are unavailable.
Timeline
Initial publication: July 10, 2024
Weakness Type
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
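To make the weakness class concrete, here is an added illustration of CWE-306 in a minimal form: a "change the admin password" function first with no authentication check at all, then hardened to require a proven identity. This is generic example code written for this page; it is not Expedition's code, it does not reproduce the actual CVE-2024-5910 flaw, and the request shape, session model, and in-memory user store are assumptions made for the illustration.

```python
"""Added illustration of CWE-306 (Missing Authentication for Critical Function).

Generic example code for this page. Not Expedition's code and not the real
CVE-2024-5910 flaw; the Request/AppState shapes and the session model are
assumptions for the illustration only.
"""
from dataclasses import dataclass, field
from typing import Optional
import hmac
import secrets


@dataclass
class Request:
    path: str
    params: dict
    session_token: Optional[str] = None


@dataclass
class AppState:
    # Constructed in-memory user store: username -> password.
    # A real system would store password hashes, not plaintext.
    users: dict = field(default_factory=lambda: {"admin": "original-admin-password"})
    # Valid session token -> username.
    sessions: dict = field(default_factory=dict)


def login(state: AppState, username: str, password: str) -> Optional[str]:
    """Return a fresh session token on a correct password, else None."""
    stored = state.users.get(username)
    if stored is not None and hmac.compare_digest(stored, password):
        token = secrets.token_hex(16)
        state.sessions[token] = username
        return token
    return None


def vulnerable_reset_admin(state: AppState, req: Request) -> int:
    """The CWE-306 pattern: a critical function with no authentication check.

    Any client that can reach this handler over the network can set the admin
    password and thereby take over the account.
    """
    state.users["admin"] = req.params["new_password"]
    return 200


def hardened_reset_admin(state: AppState, req: Request) -> int:
    """Same function, but it first demands a provable identity.

    Callers without a valid session get 401; authenticated callers who are
    not the admin get 403; only the admin's own session may rotate the password.
    """
    user = state.sessions.get(req.session_token or "")
    if user is None:
        return 401
    if user != "admin":
        return 403
    state.users["admin"] = req.params["new_password"]
    return 200
```

The point of the pair is that the two handlers are byte-for-byte identical in what they do to the data store; the only difference is whether the caller had to prove who they are before the critical action ran.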
Products Associated with CVE-2024-5910
Affected Versions
Palo Alto Networks Expedition:
- Versions 1.2.x below 1.2.92 are affected; 1.2.92 is not listed as affected.
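Checking a fleet against that range by hand is error-prone (a naive string comparison puts "1.2.100" before "1.2.92"), so here is an added helper that parses Expedition version strings numerically and flags the ones in the affected range stated above. This is example code written for this page, not a Palo Alto Networks tool; it does not query any host, and it assumes you have already collected the running version of each Expedition instance (for example from its web UI). The inventory in the block is constructed sample data.

```python
"""Added helper: flag Expedition versions in the CVE-2024-5910 affected range.

Example code for this page, not a Palo Alto Networks tool. The affected range
(1.2.x below 1.2.92) comes from the advisory text above; the inventory is
constructed sample data, and the host names are made up.
"""
import re

AFFECTED_MAJOR_MINOR = (1, 2)   # the 1.2 release line named by the advisory
FIXED_PATCH = 92                # first 1.2.x patch level not listed as affected

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)(?:\.(\d+))?.*")


def parse_version(text: str) -> tuple:
    """Parse 'a.b' or 'a.b.c' (optional leading 'v', optional trailing suffix such
    as '-hotfix') into a tuple of ints. Malformed input raises ValueError rather
    than being silently treated as safe."""
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch) if patch is not None else 0)


def is_affected(text: str) -> bool:
    """True if the version is 1.2.x with x < 92.

    Other release lines are outside the range this advisory lists, so they are
    reported as not affected here; check the vendor advisory if you run one.
    """
    major, minor, patch = parse_version(text)
    if (major, minor) != AFFECTED_MAJOR_MINOR:
        return False
    return patch < FIXED_PATCH


def hosts_needing_patch(inventory: dict) -> list:
    """Return hostnames whose recorded version is in the affected range.

    Hosts with an unparseable version are included too: an unknown version
    should be treated as exposed until someone confirms it, not quietly skipped.
    """
    flagged = []
    for host, version in sorted(inventory.items()):
        try:
            if is_affected(version):
                flagged.append(host)
        except ValueError:
            flagged.append(host)
    return flagged


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "expedition-lab": "1.2.91",
    "expedition-prod": "1.2.92",
    "expedition-old": "1.2.9",
    "expedition-new": "v1.2.100",
    "expedition-unknown": "n/a",
}

if __name__ == "__main__":
    for host in hosts_needing_patch(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> upgrade to 1.2.92 or later")
```

The numeric comparison is the whole point: "1.2.100" is later than "1.2.92" and is correctly left alone, while "1.2.9" (which a string sort would place after "1.2.92") is correctly flagged.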
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.