Palo Alto Networks Security Advisories / CVE-2024-5910

CVE-2024-5910 Expedition: Missing Authentication Leads to Admin Account Takeover

047910
Severity 9.3 · CRITICAL
Urgency HIGHEST
Response Effort MODERATE
Recovery USER
Value Density DIFFUSE
Attack Vector NETWORK
Attack Complexity LOW
Attack Requirements NONE
Automatable YES
User Interaction NONE
Product Confidentiality HIGH
Product Integrity HIGH
Product Availability HIGH
Privileges Required NONE
Subsequent Confidentiality LOW
Subsequent Integrity LOW
Subsequent Availability LOW
NVD JSON
Published 2024-07-10
Updated 2024-07-10
Reference
Discovered externally

Description

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.

Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.

Product Status

VersionsAffectedUnaffected
Expedition 1.2< 1.2.92>= 1.2.92

Severity: CRITICAL

CVSSv4.0 Base Score: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:Y/R:U/V:D/RE:M/U:Red)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-306 Missing Authentication for Critical Function

Solution

This issue is fixed in Expedition 1.2.92 and all later versions.

Workarounds and Mitigations

Ensure networks access to Expedition is restricted to authorized users, hosts, or networks.

Acknowledgments

Palo Alto Networks thanks Brian Hysell (Synopsys CyRC) for discovering and reporting this issue.

Timeline

Initial publication
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2024 Palo Alto Networks, Inc. All rights reserved.