CVE-2024-5910 Expedition: Missing Authentication Leads to Admin Account Takeover
Description
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.
Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition are at risk due to this issue.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Expedition 1.2 | < 1.2.92 | >= 1.2.92 |
Severity: CRITICAL, Suggested Urgency: HIGHEST
CVSS-B: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:Y/R:U/V:D/RE:M/U:Red)
Exploitation Status
Palo Alto Networks is aware of reports from CISA that there is evidence of active exploitation for this CVE. More information can be found at https://www.cisa.gov/news-events/alerts/2024/11/07/cisa-adds-four-known-exploited-vulnerabilities-catalog.
Weakness Type
CWE-306 Missing Authentication for Critical Function
Solution
This issue is fixed in Expedition 1.2.92 and all later versions.
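To turn the affected/fixed range above into an inventory check, the following added example (not Palo Alto Networks' code) compares Expedition version strings numerically against 1.2.92; the hostnames and versions in the sample inventory are constructed, and the `expedition_version` field name is an assumption.

```python
"""Flag Expedition installs affected by CVE-2024-5910 (versions before 1.2.92)."""
from __future__ import annotations

FIXED_VERSION = "1.2.92"  # advisory: fixed in 1.2.92 and all later versions


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '1.2.92' into (1, 2, 92) so comparison is numeric, not lexical.

    A plain string compare gets this wrong: '1.2.100' < '1.2.92' as text,
    although 1.2.100 is a later, fixed release.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly below the fixed release."""
    return parse_version(version) < parse_version(fixed)


def triage(inventory: list[dict[str, str]]) -> list[dict[str, str]]:
    """Return the inventory entries that need attention, with a status attached.

    Hosts whose version cannot be parsed are reported too: an unknown version
    must not silently pass as unaffected.
    """
    findings = []
    for host in inventory:
        try:
            affected = is_affected(host["expedition_version"])
        except ValueError as exc:
            findings.append({**host, "status": f"unknown version ({exc})"})
            continue
        if affected:
            findings.append({**host, "status": "affected: upgrade to 1.2.92 or later"})
    return findings


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    {"host": "expedition-a.example.internal", "expedition_version": "1.2.91"},
    {"host": "expedition-b.example.internal", "expedition_version": "1.2.92"},
    {"host": "expedition-c.example.internal", "expedition_version": "1.2.100"},
    {"host": "expedition-d.example.internal", "expedition_version": "1.2.9"},
    {"host": "expedition-e.example.internal", "expedition_version": "unknown"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(f"{finding['host']}: {finding['status']}")
```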
Workarounds and Mitigations
Ensure network access to Expedition is restricted to authorized users, hosts, or networks.