Palo Alto Networks Security Advisories / CVE-2024-5910

CVE-2024-5910 Expedition: Missing Authentication Leads to Admin Account Takeover

Severity 9.3 · CRITICAL
Response Effort MODERATE
Recovery USER
Value Density DIFFUSE
Attack Vector NETWORK
Attack Complexity LOW
Attack Requirements NONE
Automatable YES
User Interaction NONE
Product Confidentiality HIGH
Product Integrity HIGH
Product Availability HIGH
Privileges Required NONE
Subsequent Confidentiality LOW
Subsequent Integrity LOW
Subsequent Availability LOW


Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.

Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.

Product Status

Expedition 1.2< 1.2.92>= 1.2.92

Severity: CRITICAL

CVSSv4.0 Base Score: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:Y/R:U/V:D/RE:M/U:Red)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-306 Missing Authentication for Critical Function


This issue is fixed in Expedition 1.2.92 and all later versions.

Workarounds and Mitigations

Ensure networks access to Expedition is restricted to authorized users, hosts, or networks.


Palo Alto Networks thanks Brian Hysell (Synopsys CyRC) for discovering and reporting this issue.


Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.