ExploitCVE-2024-5910
Missing Authentication for Critical Function (CWE-306)
Summary
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.
Impact
The impact of this vulnerability is severe. Attackers with network access to Expedition can potentially take over an Expedition admin account. This compromises the security of the entire Expedition system, putting at risk all configuration secrets, credentials, and other sensitive data that has been imported into Expedition. The vulnerability could lead to unauthorized access, data breaches, and potential misuse of the compromised admin account to further infiltrate the network or manipulate configurations. The CVSS v4 base score for this vulnerability is 9.3 (Critical), indicating a high severity level. The attack vector is network-based, with low attack complexity and no user interaction required, making it potentially easy for attackers to exploit.
Exploitation
There is no evidence that a public proof-of-concept exists. The vulnerability is actively being exploited in the wild and was added to the CISA Known Exploited Vulnerability list. Its exploitation has been reported by various sources, including cisa.gov, bleepingcomputer.com.
Patch
As of the current information provided, there is no mention of an available patch. The security team should closely monitor Palo Alto Networks' security advisories for any forthcoming patches or updates to address this vulnerability.
Mitigation
Given the severity of this vulnerability, immediate mitigation steps are crucial: 1. Restrict network access to Expedition as much as possible, implementing strict access controls and network segmentation. 2. Monitor Expedition admin account activities closely for any suspicious behavior. 3. If feasible, consider temporarily disabling Expedition until a patch is available, especially if the risk is deemed too high for your environment. 4. Regularly review and audit all data imported into Expedition, minimizing the amount of sensitive information stored when possible. 5. Implement additional layers of authentication for accessing Expedition, such as multi-factor authentication, if not already in place. 6. Keep all Palo Alto Networks products, especially Expedition, updated to the latest available versions. 7. Continuously monitor Palo Alto Networks' security advisories for updates on this vulnerability and any recommended actions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Red
Timeline
Feedly found the first article mentioning CVE-2024-5910. See article
Feedly estimated the CVSS score as HIGH
NVD published the first details for CVE-2024-5910
This CVE started to trend in security discussions
EPSS Score was set to: 0.04% (Percentile: 9.3%)
This CVE stopped trending in security discussions
Detection for the vulnerability has been added to Qualys (380183)
This CVE started to trend in security discussions
This CVE stopped trending in security discussions