Palo Alto Networks Product Security Incident Response Team
PA-CVE-2024-5910
Jul 10, 2024 - 4:00 p.m.

Expedition: Missing Authentication Leads to Admin Account Takeover

securityadvisories.paloaltonetworks.com

CVSS 4.0 base score: 9.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:L/VI:H/SI:L/VA:H/SA:L/AU:Y/U:Red/R:U/V:D/RE:M
AI Score: 7.1 (Confidence: Low)
EPSS: 0 (Percentile: 9.3%)

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.

Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition are at risk due to this issue.

Workaround:
Ensure network access to Expedition is restricted to authorized users, hosts, or networks.
