OEM | Palo Alto |
Severity | Critical |
Date of Announcement | 2024-07-10 |
CVSS Score | 9.3 |
CVE | CVE-2024-5910 |
CWE | CWE-306 |
Exploited in Wild | Yes |
Patch/Remediation Available | Yes |
Advisory Version | 1.0 |
CISA has included the Palo Alto Networks Expedition tool Missing Authentication Vulnerability in its catalog of actively exploited vulnerabilities. Palo Alto’s Expedition is a migration tool designed to simplify the process of transferring configurations from other vendors to Palo Alto Networks. The issue is tracked under CVE-2024-5910. The vulnerability, which involves missing authentication for a critical function in Expedition, could allow attackers with network access to take over an admin account. This poses a risk to imported configuration secrets, credentials, and other sensitive data within Expedition.

Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
--- | --- | --- | --- | --- |
Palo Alto Networks Expedition Missing Authentication Vulnerability | CVE-2024-5910 | Expedition | Critical | Expedition 1.2.92 and all later versions |

CVE ID | System Affected | Vulnerability Details | Impact |
--- | --- | --- | --- |
CVE-2024-5910 | Expedition from 1.2 before 1.2.92 | The vulnerability, caused by missing authentication for an important function in Expedition, could allow attackers with network access to take over an admin account. | Account Takeover |
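
To triage an asset inventory against the affected range in the table above, the following added example (not code from Palo Alto Networks or from this advisory) classifies reported Expedition versions. The hostnames, the sample versions, and the status labels are constructed for illustration; versions are compared numerically so that a release such as 1.2.100 is not mistaken for one older than 1.2.92.

```python
import re

# Range from the advisory table: affected "from 1.2 before 1.2.92".
AFFECTED_FROM = (1, 2)
FIXED_IN = (1, 2, 92)


def parse_version(text):
    """Return a dotted-numeric version as a tuple of ints, else None."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(version_text):
    """Classify one reported Expedition version against CVE-2024-5910."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # unparseable value: check the host by hand
    if version < AFFECTED_FROM:
        return "outside-listed-range"  # the advisory lists no status here
    if version < FIXED_IN:
        return "vulnerable"
    return "fixed"


def triage(inventory):
    """Map host -> status for an iterable of (host, version) pairs."""
    return {host: classify(version) for host, version in inventory}


# Constructed sample inventory; hostnames and versions are illustrative.
SAMPLE_INVENTORY = [
    ("expedition-lab-01", "1.2.9"),
    ("expedition-lab-02", "1.2.91"),
    ("expedition-lab-03", "1.2.92"),
    ("expedition-lab-04", "1.2.100"),
    ("expedition-lab-05", "unknown build"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `vulnerable` need the upgrade to Expedition 1.2.92 or later; `unknown` and `outside-listed-range` results need manual review.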