← Retour aux CVEs
CVE-2024-5910
CRITICALCISA KEV9.8
Description
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie7/10/2024
Derniere modification11/4/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurPalo Alto Networks
ProduitExpedition
Nom vulnerabilitePalo Alto Networks Expedition Missing Authentication Vulnerability
Date ajout KEV2024-11-07
Date limite remediation2024-11-28
Utilise dans ransomwareUnknown
Produits affectes
paloaltonetworks:expedition
Faiblesses (CWE)
CWE-306CWE-306
References
https://security.paloaltonetworks.com/CVE-2024-5910(psirt@paloaltonetworks.com)
https://security.paloaltonetworks.com/CVE-2024-5910(af854a3a-2127-422b-91ae-364da2661108)
https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-5910(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.