CVE-2024-5910
Expedition: Missing Authentication Leads to Admin Account Takeover
In short
Expedition, a Palo Alto Networks configuration migration tool, is missing authentication checks on a critical function, allowing attackers with network access to take over admin accounts and steal sensitive configuration data and credentials.
Technical detail
CWE-306 (Missing Authentication for Critical Function) in Expedition lets unauthenticated attackers with network access reach a critical function that performs no authentication check, leading to complete compromise of admin accounts and exposure of imported configuration secrets and credentials. Exploitation requires only network connectivity to the Expedition instance.
Summary generated and translated by AI from the official description.
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.
Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition are at risk due to this issue.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:Y/R:U/V:D/RE:M/U:Red
Affected products
Palo Alto Networks · Expedition
Public PoCs found — 2
github: github.com/p33d/Palo-Alto-Expedition-Remote-Code-Execution-Exploit-CVE-2024-5910-CVE-2024-9464 (★ 0)
exploitdb: www.exploit-db.com/exploits/52129 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.