CVE-2024-5910CISA Alerts Fed Agencies of Active Exploitation of Palo...

CISA Alerts Fed Agencies of Active Exploitation of Palo Alto Networks’ CVE-2024-5910

-

A missing authentication flaw in Palo Alto Networks’ Expedition tool now jeopardizes firewall configurations across sectors, with attackers actively exploiting this vulnerability in the wild.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert regarding an actively exploited vulnerability in Palo Alto Networks’ Expedition tool. This flaw, labeled CVE-2024-5910, poses a critical threat by allowing attackers to take over administrative accounts, putting configuration secrets and credentials at risk.

Expedition’s widespread usage in firewall migration and management makes the vulnerability particularly concerning for organizations relying on this tool for seamless transitions from other firewalls to Palo Alto’s PAN-OS.

Also read: Palo Alto Networks Warns Customers of Actively-Exploited PAN-OS vulnerability

Although Palo Alto Networks released a patch in July, exploitation is now observed, urging immediate remediation for any organization using Expedition versions below 1.2.92.

The Expedition Vulnerability

CVE-2024-5910 represents a missing authentication vulnerability in the Expedition tool, enabling attackers with network access to assume control of the admin account. This exploit opens a gateway to sensitive data such as configuration details, credentials, and other critical information. With a CVSSv4.0 base score of 9.3, this flaw ranks as critical, posing significant risks to both enterprise and federal environments.

Only Expedition versions below 1.2.92 are susceptible, and organizations using older versions face potential exposure until they implement the recommended upgrade.

Also read: Patch Now! Critical Flaw Found in Palo Alto Networks Expedition Migration Tool

Technical Details of Expedition Vulnerability

  • Vulnerability ID: CVE-2024-5910 (Missing Authentication for Critical Function)
  • Severity Level: Critical (CVSSv4.0 Score: 9.3)
  • Affected Versions: Expedition versions below 1.2.92
  • Unaffected Versions: Expedition 1.2.92 and newer
  • Impact: Admin account takeover, unauthorized access to configuration secrets, potential firewall control

Exploitation in the Wild

The risk associated with CVE-2024-5910 likely escalated following the release of a proof-of-concept (PoC) exploit by security researcher Zach Hanley from Horizon3.ai in October. This PoC demonstrated how CVE-2024-5910 could be combined with another vulnerability, CVE-2024-9464—a command injection flaw—to enable remote, arbitrary command execution on vulnerable systems. By chaining these exploits, attackers gain the ability to reset admin credentials and potentially take control of PAN-OS firewall configurations.

This compounded risk has heightened concerns as attackers can exploit Expedition’s missing authentication and reset vulnerabilities, offering them unauthorized access to sensitive network resources.

CISA Adds CVE-2024-5910 to KEV Catalog

To underscore the critical nature of this flaw, CISA on Thursday added CVE-2024-5910 to its Known Exploited Vulnerabilities (KEV) Catalog. This inclusion mandates all U.S. federal agencies to secure vulnerable Expedition servers by November 28, emphasizing the federal government’s priority to address known and actively exploited vulnerabilities.

The CVE-2024-5910 vulnerability exemplifies the ongoing challenge of securing essential network management tools. This flaw, particularly due to its integration with critical firewall migration software, emphasizes the need for immediate and proactive vulnerability management. Regular patching, stringent credential rotation, and restricted network access remain essential defenses against exploits like these.

With CISA closely monitoring this threat, addressing CVE-2024-5910 serves not only as regulatory compliance but as a vital security measure. Updating Expedition to the latest version and adhering to security best practices strengthens organizational resilience against similar vulnerabilities, helping prevent unauthorized access and safeguard sensitive network configurations.

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments

Latest news

Must read

More

    French ISP Free Discloses Data Breach, Notifies Cybersecurity Agencies

    Free, France’s second-largest internet service provider, confirmed it...

    You might also likeRELATED
    Recommended to you

    0
    Would love your thoughts, please comment.x
    ()
    x