Palo Alto Networks Expedition Missing Authentication Vulnerability (CVE-2024-5910)
Palo Alto Networks Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data.
A remote attacker, without authentication, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2024-11-28 under CISA BOD 22-01.
This is a Missing Authentication for Critical Function (CWE-306) vulnerability in Palo Alto Networks Expedition. Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue. Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.
📧
Phishing link
🖼
Malicious file
🔓
Server compromised
Probably yes if any of these apply:
Active exploitation documented in the wild. Threat-research write-up: https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise
Manual remediation steps
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.