Vulnerability Description
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paloaltonetworks | Expedition | >= 1.2.0, < 1.2.92 |
Related Weaknesses (CWE)
References
- https://security.paloaltonetworks.com/CVE-2024-5910Vendor Advisory
- https://security.paloaltonetworks.com/CVE-2024-5910Vendor Advisory
- https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-ExploitThird Party Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-US Government Resource
FAQ
What is CVE-2024-5910?
CVE-2024-5910 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a...
How severe is CVE-2024-5910?
CVE-2024-5910 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-5910?
Check the references section above for vendor advisories and patch information. Affected products include: Paloaltonetworks Expedition.