⚠ Actively exploited

Added to CISA KEV on 2024-11-07. Federal agencies required to patch by 2024-11-28. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..

CVE-2024-5910 — Missing Authentication for Critical Function in Palo Alto Networks Expedition

CWE-306 — Missing Authentication for Critical Function17 documents12 sources

Severity

9.3CRITICALNVD

EPSS

91.0%

top 0.36%

CISA KEV

KEV

Added 2024-11-07

Due 2024-11-28

Exploit

Exploited in wild

Active exploitation observed

Affected products

Palo Alto Networks Expedition Paloaltonetworks Expedition Paloalto Expedition

Timeline

PublishedJul 10

KEV addedNov 7

KEV dueNov 28

Latest updateApr 6

CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Affected Packages3 packages

▶NVDpaloaltonetworks/expedition1.2.0 — 1.2.92

▶CVEListV5palo_alto_networks/expedition1.2 — 1.2.92

▶Palo Altopaloalto/expedition

🔴Vulnerability Details

CVEList

Expedition: Missing Authentication Leads to Admin Account Takeover↗2024-07-10

▶

GHSA

GHSA-px3f-fc5j-2fqv: Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with ne↗2024-07-10

▶

VulnCheck

Palo Alto Networks Expedition Missing Authentication Vulnerability↗2024

▶

💥Exploits & PoCs

Exploit-DB

Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover↗2025-04-06

▶

Nuclei

Palo Alto Expedition - Admin Account Takeover

▶

Metasploit

Palo Alto Expedition Remote Code Execution (CVE-2024-5910 and CVE-2024-9464)↗

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Palo Alto Expedition Unauthenticated Admin Password Reset (CVE-2024-5910)↗2024-10-10

▶

📋Vendor Advisories

CISA

Palo Alto Networks Expedition Missing Authentication Vulnerability↗2024-11-07

▶

Palo Alto

Expedition: Missing Authentication Leads to Admin Account Takeover↗2024-07-10

▶

🕵️Threat Intelligence

Bleepingcomputer

Over 2,000 Palo Alto firewalls hacked using recently patched bugs↗2024-11-21

▶

Bleepingcomputer

Palo Alto Networks patches two firewall zero-days used in attacks↗2024-11-18

▶

Bleepingcomputer

CISA warns of more Palo Alto Networks bugs exploited in attacks↗2024-11-14

▶

Bleepingcomputer

Palo Alto Networks warns of potential PAN-OS RCE vulnerability↗2024-11-08

▶

Bleepingcomputer

CISA warns of critical Palo Alto Networks bug exploited in attacks↗2024-11-07

▶