History: Jul 10, 2024 - 7:15 p.m.

CVE-2024-5910

2024-07-10 19:15:11
CWE-306
palo_alto
web.nvd.nist.gov
palo alto networks
expedition
authentication
account takeover
configuration migration
data risk

CVSS4: 9.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:L/VI:H/SI:L/VA:H/SA:L/AU:Y/U:Red/R:U/V:D/RE:M

AI Score: 6.8
Confidence: Low
EPSS: 0
Percentile: 9.3%

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.

Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition are at risk due to this issue.

Affected configurations

Node
paloaltonetworks  expedition  Range  1.2  1.2.92

Vendor  Product  Version  CPE
paloaltonetworks  expedition  *  cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Expedition",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.2.92",
            "status": "unaffected"
          }
        ],
        "lessThan": "1.2.92",
        "status": "affected",
        "version": "1.2",
        "versionType": "custom"
      }
    ]
  }
]
