CVE-2024-5910

🗓️ 10 Jul 2024 18:39:26Reported by palo_altoType

cve🔗 web.nvd.nist.gov📰️ 8 Media mentions👁 2522 Views🌐 WEB

Expedition admin account takeover risk due to missing authentication for critical function

Reporter	Title	Published	Views	Family All 31
0day.today	Palo Alto Expedition 1.2.91 Remote Code Execution Exploit	14 Nov 202400:00	–	zdt
ATTACKERKB	CVE-2024-5910	10 Jul 202400:00	–	attackerkb
BDU FSTEC	The vulnerability of the Palo Alto Networks Expedition configuration migration tool, related to the lack of authentication for a critical function, allows a perpetrator to obtain administrator credentials.	21 Aug 202400:00	–	bdu_fstec
Circl	CVE-2024-5910	10 Jul 202421:49	–	circl
CISA KEV Catalog	Palo Alto Networks Expedition Missing Authentication Vulnerability	7 Nov 202400:00	–	cisa_kev
CISA	CISA Adds Four Known Exploited Vulnerabilities to Catalog	7 Nov 202412:00	–	cisa
CNNVD	Palo Alto Networks Expedition Security Breach	10 Jul 202400:00	–	cnnvd
Cvelist	CVE-2024-5910 Expedition: Missing Authentication Leads to Admin Account Takeover	10 Jul 202418:39	–	cvelist
GithubExploit	Exploit for OS Command Injection in Paloaltonetworks Expedition	9 Oct 202416:36	–	githubexploit
Exploit DB	Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover	6 Apr 202500:00	–	exploitdb

NVD

Vulners

Vulnrichment

Node

paloaltonetworks expeditionRange1.2.0–1.2.92

[
  {
    "defaultStatus": "unaffected",
    "product": "Expedition",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.2.92",
            "status": "unaffected"
          }
        ],
        "lessThan": "1.2.92",
        "status": "affected",
        "version": "1.2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
security	www.security.paloaltonetworks.com/CVE-2024-5910
horizon3	www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

Parameter	Position	Path	Description	CWE
user	request body	php/utils/createRemoteAppwebSession.php	Authentication bypass followed by remote command execution via crafted session creation request.	CWE-306
userRole	request body	php/utils/createRemoteAppwebSession.php	Authentication bypass followed by remote command execution via crafted session creation request.	CWE-306
remoteHost	request body	php/utils/createRemoteAppwebSession.php	Authentication bypass followed by remote command execution via crafted session creation request.	CWE-306
vsys	request body	php/utils/createRemoteAppwebSession.php	Authentication bypass followed by remote command execution via crafted session creation request.	CWE-306
user	path	index.php/.js.map	Authenticated session abuse endpoint used to execute commands through a vulnerable session (command execution via approved session).	CWE-306
userRole	path	index.php/.js.map	Authenticated session abuse endpoint used to execute commands through a vulnerable session (command execution via approved session).	CWE-306
remoteHost	path	index.php/.js.map	Authenticated session abuse endpoint used to execute commands through a vulnerable session (command execution via approved session).	CWE-306
vsys	path	index.php/.js.map	Authenticated session abuse endpoint used to execute commands through a vulnerable session (command execution via approved session).	CWE-306