CVE-2024-5910

July 10, 2024, 7:15 p.m.

None
No Score

Description

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.

Product(s) Impacted

Product Versions
Palo Alto Networks Expedition

Weaknesses

CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References

https://security.paloaltonetworks.com/CVE-2024-5910

Tags

CWE-306
psirt@paloaltonetworks.com
2024-07-10
CVE-2024-5910

Date

  • Published: July 10, 2024, 7:15 p.m.
  • Last Modified: July 10, 2024, 7:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@paloaltonetworks.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.