Security News > 2024 > November > Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)
2024-11-08 11:36

A vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition, a firewall configuration migration tool, is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Thursday. About CVE-2024-5910 Unearthed and reported by Brian Hysell of Synopsys Cybersecurity Research Center (CyRC), CVE-2024-5910 stems from missing authentication for a critical function, which can lead to an Expedition admin account takeover for attackers with network access to the installation. A security update fixing … More → The post Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/11/08/cve-2024-5910/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-07-10 CVE-2024-5910 Missing Authentication for Critical Function vulnerability in Paloaltonetworks Expedition
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment.
network
low complexity
paloaltonetworks CWE-306
critical
 9.8
9.8