Expedition Admin Account Takeover Risk Due to Missing Authentication
Key Information
- Vendor
- Palo Alto Networks
- Status
- Expedition
- Vendor
- CVE Published:
- 10 July 2024
Badges
Summary
CVE-2024-5910 is a critical vulnerability in the Palo Alto Networks Expedition Migration Tool, with a high CVSS score of 9.3. It allows for attackers with network access to Expedition to take over the admin account due to missing authentication for a critical function. This puts configuration secrets, credentials, and imported data at risk. It is recommended to restrict network access to Expedition to authorized users, hosts, or networks, and to update to Expedition 1.2.92 or later to fix this issue. There are no known ransomware exploits related to this vulnerability at this time.
Affected Version(s)
Expedition < 1.2.92
News Articles
prophaze.com CVE-2024-5910CVE-2024-5910 : PALO ALTO NETWORKS EXPEDITION UP TO 1.2.91 MISSING AUTHENTICATION - Cloud WAF
CVE-2024-5910 : Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.
3 months ago
SystemTek CVE-2024-5910Palo Alto Networks critical flaw in Expedition Migration Tool [CVE-2024-5910]
CVE number = CVE-2024-5910 CVSS Score = 9.3 Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access...
3 months ago
Timeline
First article discovered by SystemTek
Initial publication
Vulnerability published.
Vulnerability Reserved.
- 👾
Exploit exists.