We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Security Advisory

Palo Alto Account Takeover Vulnerability Actively Exploited

Summary

OEM

Palo Alto

Severity

Critical

Date of Announcement

2024-07-10

CVSS Score

9.3

CVE

CVE-2024-5910

CWE

CWE-306

Exploited in Wild

Yes

Patch/Remediation Available

Yes

Advisory Version

1.0

Overview

CISA has included the Palo Alto Networks Expedition tool Missing Authentication Vulnerability in its catalog of actively exploited vulnerabilities. Palo Alto’s Expedition is a migration tool designed to simplify the process of transferring configurations from other vendors to Palo Alto Networks. The issue is tracked under CVE-2024-5910. The vulnerability, which involves missing authentication for a critical function in Expedition, could allow attackers with network access to take over an admin account. This poses a risk to imported configuration secrets, credentials, and other sensitive data within Expedition.

Vulnerability Name

CVE ID

Product Affected

Severity

Fixed Version

Palo Alto Networks Expedition Missing Authentication Vulnerability

CVE-2024-5910

Expedition

Critical

Expedition 1.2.92 and all later versions

Technical Summary

CVE ID

System Affected

Vulnerability Details

Impact

CVE-2024-5910

Expedition from 1.2 before 1.2.92

The vulnerability, caused by missing authentication for an important function in Expedition, could allow attackers with network access to take over an admin account.

Account Takeover

Recommendations

  • Update Expedition to 1.2.92 and the latest versions to mitigate the issue.

General Recommendations

  • Restrict Network Access: Limit network access to Expedition to only trusted and authorized users, hosts, and networks.
  • Enable Strong Authentication: Implement strong authentication for all critical functions in Expedition, including multi-factor authentication (MFA) where possible.
  • Monitor Access Logs: Regularly monitor and review access logs to detect any unusual or unauthorized access attempts.
  • Stay Updated: Stay informed about the latest cybersecurity news and updates to keep track of emerging threats and vulnerabilities.

References