Overview
- Description
- Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.
- Source
- psirt@paloaltonetworks.com
- NVD status
- Analyzed
Risk scores
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Red
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Known exploits
Data from CISA
- Vulnerability name
- Palo Alto Networks Expedition Missing Authentication Vulnerability
- Exploit added on
- Nov 7, 2024
- Exploit action due
- Nov 28, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Social media
- Hype score
- Not currently trending
[Files ≈ Packet Storm] Palo Alto Expedition 1.2.91 Remote Code Execution. This Metasploit module lets you obtain remote code execution in Palo Alto Expedition versions 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows to reset the... https://t.co/ExPRTOXozL
@shah_sheikh
13 Nov 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨CVE-2024-5910: CISA Alerts to Active Exploitation of Critical Palo Alto Networks Expedition Vulnerability 📊 90+ Services are found on https://t.co/ysWb28BTvF yearly. 🔗Hunter Link: https://t.co/jnXAIz0d59 👇Query HUNTER:/product.name="Palo Alto Networks Expedition"… htt
@HunterMapping
13 Nov 2024
1763 Impressions
8 Retweets
17 Likes
8 Bookmarks
0 Replies
0 Quotes
🚨 A Palo Alto Networks Expedition vuln patched in July (#CVE-2024-5910) was recently added to CISA KEV. Could enable admin account takeover if exploited. Luckily, fewer than 50 Expedition devices are exposed online. More details: https://t.co/meabhsFO1r #CensysRapidResponse
@censysio
12 Nov 2024
118 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
A critical flaw in Palo Alto’s Expedition tool, CVE-2024-5910, is officially out in the wild. This vulnerability lets attackers slip into admin accounts, putting sensitive data at risk. #trio’s here to make sure your defenses are up and running! #CyberSecurity #TrioMDM #CISAAlert
@triosoftinc
12 Nov 2024
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA warns of a critical flaw (CVE-2024-5910) in Palo Alto Networks’ Expedition tool, a “Missing Authentication” vulnerability allowing potential admin hijacking & access to sensitive data.
@FennefLabs
11 Nov 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA warns of active exploitation of Palo Alto Networks Expedition flaw (CVE-2024-5910) and adds other critical vulnerabilities to its KEV catalog. #cybersecurity #vulnerability #CISA https://t.co/AaT7HQXSi2
@TLDRStories
11 Nov 2024
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ヤバい、わかりやすい生成AI画像にイラッとするようになってきた。 パロアルトネットワークスの重大な脆弱性(CVE-2024-5910)がサイバー攻撃に悪用されるとCISAが警告|セキュリティニュース https://t.co/cJknHKUvUD
@huanteina_god
11 Nov 2024
10 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA warns of active exploitation of a critical vulnerability (CVE-2024-5910) in Palo Alto Networks’ Expedition tool, potentially allowing admin account takeover. Users should update to the latest version to mitigate risks. https://t.co/wSwFmuizwZ
@twt_abgjay
10 Nov 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 أضافت CISA ثغرة أمنية حرجة (CVE-2024-5910) في Palo Alto Networks Expedition إلى كتالوج الثغرات الأمنية المستغلة المعروفة. تسمح هذه الثغرة للمهاجمين بالاستيلاء على حسابات المسؤول، مما يعرض البيانات الحساسة للخطر. 👉 اقرأ التفاصيل: https://t.co/pBkTc458JR
@CERT_Arabic
10 Nov 2024
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
آسیب پذیری های خطرناکی برای محصول Palo Alto Networks منتشر شده است که به هکرها امکان دستیابی به admin account و configuration data حساس و credentials و سایر اطلاعات با دسترسی بالا را می دهد. کد شناسایی این آسیب پذیزی CVE-2024-5910 می باشد. https://t.co/Y2P1U3eX7Y https://t.co/6C
@AmirHossein_sec
9 Nov 2024
47 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA alerta sobre explotación activa de vulnerabilidad crítica en Palo Alto Networks. La vulnerabilidad ya parchada identificada como CVE-2024-5910, permitía a un atacante con acceso a la red tomar el control de una cuenta de administrador. #cybersecurity https://t.co/ahjlbrU4xJ
@EHCGroup
8 Nov 2024
67 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
.@CISAgov has officially added #PaloAlto CVE-2024-5910 to its KEV catalog. This security flaw was patched in July and allows attackers to reset application admin credentials on Internet-exposed Expedition servers. According to @hacks_zach, it can also be chained to… https://t.co
@Horizon3ai
8 Nov 2024
116 Impressions
2 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
La CISA alerte sur l'exploitation active d'une vulnérabilité critique (CVE-2024-5910) dans l'outil Expedition de Palo Alto Networks, permettant une prise de contrôle d'un compte administrateur. https://t.co/WYmEdY6Duf
@cert_ist
8 Nov 2024
38 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA warns of critical Palo Alto Networks bug exploited in attacks: https://t.co/zh8ZvhkOPZ CISA has issued a warning regarding a critical vulnerability, CVE-2024-5910, in Palo Alto Networks Expedition, exploited by attackers to reset admin credentials on exposed servers. This…
@securityRSS
8 Nov 2024
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Alert: Active Exploitation of Critical Flaws 🚨 CISA warns of high-risk vulnerabilities: Palo Alto Expedition (CVE-2024-5910) Android (CVE-2024-43093) CyberPanel (CVE-2024-51567) Federal agencies advised to patch by Nov 28. #Cybersecurity #CISA #PaloAlto #Vulnerability ht
@redfoxsec
8 Nov 2024
57 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-5910 is getting exploited #inthewild. Find out more at https://t.co/h9Si15xRHZ
@inthewildio
8 Nov 2024
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Palo Alto #Networks #Expedition bug exploited (#CVE-2024-5910) https://t.co/kg5nISUC74
@ScyScan
8 Nov 2024
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【リンク集:11月7日~8日のセキュリティ関連ニュース/記事】 <脆弱性> ・米CISA、パロアルトネットワークスの重大なバグが攻撃に悪用されていると警告(CVE-2024-5910) https://t.co/vTwufxmNK5 ・CVE-2024-40715:Veeam Backup Enterprise Managerにおける認証バイパスの脅威… https://t.co/Tf9xq5poO6
@MachinaRecord
8 Nov 2024
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA has included a critical vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition in its Known Exploited Vulnerabilities catalog. This vulnerability enables attackers to gain control of admin accounts, putting sensitive data at risk.
@918intelligence
8 Nov 2024
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA has added a critical #vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition to its Known Exploited Vulnerabilities catalog. This flaw allows attackers to take over admin accounts, risking sensitive data. 👉 Read details: https://... https://t.co/Yaz8OWv1CC
@IT_news_for_all
8 Nov 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA has added a critical #vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition to its Known Exploited Vulnerabilities catalog. This flaw allows attackers to take over admin accounts, risking sensitive data. 👉 Read details: https://t.co/qj4hH1oBgO #infosecurity
@TheHackersNews
8 Nov 2024
79 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Palo Alto Networks Expedition 認証の欠落により管理者アカウントが乗っ取られる CVE-2024-5910 CISAより悪用された脆弱性カタログに追加されました。ネットワーク アクセス権を持つ攻撃者によって Expedition 管理者アカウントが乗っ取られる可能性があります。 https://t.co/fs7k8mEn5A https://t.co/4FzMVSwIAD
@t_nihonmatsu
8 Nov 2024
402 Impressions
0 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-5910 Palo Alto #Expedition Missing Authentication Vulnerability https://t.co/h3UuV9TwIC
@ScyScan
7 Nov 2024
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCBF1116-E6AB-472A-82F8-2D360186A8CD",
"versionEndExcluding": "1.2.92",
"versionStartIncluding": "1.2.0"
}
],
"operator": "OR"
}
]
}
]