CVE-2024-5910 - OpenCVE

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Nov. 7, 2024.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Paloaltonetworks	Expedition

Configuration 1 [-]

cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security.paloaltonetworks.com/CVE-2024-5910

History

Fri, 08 Nov 2024 21:30:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Thu, 07 Nov 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2024-11-07'}`

Wed, 06 Nov 2024 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Paloaltonetworks Paloaltonetworks expedition
CPEs		cpe:2.3:a:paloaltonetworks:expedition::::::::
Vendors & Products		Paloaltonetworks Paloaltonetworks expedition
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2024-07-10T18:39:26.006Z

Updated: 2024-11-08T16:40:17.301Z

Reserved: 2024-06-12T15:27:55.854Z

Link: CVE-2024-5910

Vulnrichment

Updated: 2024-11-08T16:40:17.301Z

NVD

Status : Analyzed

Published: 2024-07-10T19:15:11.390

Modified: 2024-11-14T02:00:02.740

Link: CVE-2024-5910

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5910", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2024-06-12T15:27:55.854Z", "datePublished": "2024-07-10T18:39:26.006Z", "dateUpdated": "2024-11-08T16:40:17.301Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Expedition", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "1.2.92", "status": "unaffected"}], "lessThan": "1.2.92", "status": "affected", "version": "1.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Brian Hysell (Synopsys CyRC)"}], "datePublic": "2024-07-10T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.<br><br>Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue."}], "value": "Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.\n\nNote: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>"}], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:Y/R:U/V:D/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-07-10T18:39:26.006Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.paloaltonetworks.com/CVE-2024-5910"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This issue is fixed in Expedition 1.2.92 and all later versions.<br>"}], "value": "This issue is fixed in Expedition 1.2.92 and all later versions."}], "source": {"discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2024-07-10T16:00:00.000Z", "value": "Initial publication"}], "title": "Expedition: Missing Authentication Leads to Admin Account Takeover", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Ensure networks access to Expedition is restricted to authorized users, hosts, or networks.<br>"}], "value": "Ensure networks access to Expedition is restricted to authorized users, hosts, or networks."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "paloaltonetworks", "product": "expedition", "cpes": ["cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "1.2", "status": "affected", "lessThan": "1.2.92", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-11T00:00:00+00:00", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-5910"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-11-07", "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T17:20:23.515Z"}, "timeline": [{"time": "2024-11-07T00:00:00+00:00", "lang": "en", "value": "CVE-2024-5910 added to CISA KEV"}]}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-08T16:40:17.301Z"}, "references": [{"url": "https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2024-5910"}], "title": "CVE Program Container", "x_generator": {"engine": "ADPogram 0.0.1"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise"}, {"url": "https://security.paloaltonetworks.com/CVE-2024-5910", "tags": ["vendor-advisory", "x_transferred"]}], "x_generator": {"engine": "ADPogram 0.0.1"}, "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-08T16:40:17.301Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5910", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-12T03:55:27.363866Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-11-07", "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"}}}], "affected": [{"cpes": ["cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*"], "vendor": "paloaltonetworks", "product": "expedition", "versions": [{"status": "affected", "version": "1.2", "lessThan": "1.2.92", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-10T20:04:07.391Z"}, "timeline": [{"lang": "en", "time": "2024-11-07T00:00:00+00:00", "value": "CVE-2024-5910 added to CISA KEV"}]}], "cna": {"title": "Expedition: Missing Authentication Leads to Admin Account Takeover", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Brian Hysell (Synopsys CyRC)"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 9.3, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:Y/R:U/V:D/RE:M/U:Red", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Expedition", "versions": [{"status": "affected", "changes": [{"at": "1.2.92", "status": "unaffected"}], "version": "1.2", "lessThan": "1.2.92", "versionType": "custom"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>", "base64": false}]}], "timeline": [{"lang": "en", "time": "2024-07-10T16:00:00.000Z", "value": "Initial publication"}], "solutions": [{"lang": "en", "value": "This issue is fixed in Expedition 1.2.92 and all later versions.", "supportingMedia": [{"type": "text/html", "value": "This issue is fixed in Expedition 1.2.92 and all later versions.<br>", "base64": false}]}], "datePublic": "2024-07-10T16:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-5910", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "Ensure networks access to Expedition is restricted to authorized users, hosts, or networks.", "supportingMedia": [{"type": "text/html", "value": "Ensure networks access to Expedition is restricted to authorized users, hosts, or networks.<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.\n\nNote: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.", "supportingMedia": [{"type": "text/html", "value": "Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.<br><br>Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-07-10T18:39:26.006Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5910", "state": "PUBLISHED", "dateUpdated": "2024-11-08T16:40:17.301Z", "dateReserved": "2024-06-12T15:27:55.854Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2024-07-10T18:39:26.006Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.1"}

{"cisaActionDue": "2024-11-28", "cisaExploitAdd": "2024-11-07", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Palo Alto Networks Expedition Missing Authentication Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCBF1116-E6AB-472A-82F8-2D360186A8CD", "versionEndExcluding": "1.2.92", "versionStartIncluding": "1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.\n\nNote: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue."}, {"lang": "es", "value": "La falta de autenticaci\u00f3n para una funci\u00f3n cr\u00edtica en Palo Alto Networks Expedition puede provocar que los atacantes con acceso a la red de Expedition tomen el control de la cuenta de administrador de Expedition. Nota: Expedition es una herramienta que ayuda en la migraci\u00f3n, el ajuste y el enriquecimiento de la configuraci\u00f3n. Los secretos de configuraci\u00f3n, las credenciales y otros datos importados a Expedition est\u00e1n en riesgo debido a este problema."}], "id": "CVE-2024-5910", "lastModified": "2024-11-14T02:00:02.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "YES", "availabilityRequirements": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "recovery": "USER", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "subsequentSystemConfidentiality": "LOW", "subsequentSystemIntegrity": "LOW", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Red", "version": "4.0", "vulnerabilityResponseEffort": "MODERATE", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2024-07-10T19:15:11.390", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2024-5910"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}