CVE-2024-5910
- Reference to the description:
- Description:
- Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.
- Last updated date:
- 11/27/2024
Reports
ACTIVELY EXPLOITED
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 11/07/2024
- Reference url to background
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 11/12/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 11/13/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 11/27/2024
- Reference url to background
https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise