CVE-2024-5910

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.

CVSS

No CVSS.

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2024-5910

Configurations

No configuration.

History

No history.

Information

Published : 2024-07-10 19:15

Updated : 2024-07-11 13:05

NVD link : CVE-2024-5910

Mitre link : CVE-2024-5910

CVE.ORG link : CVE-2024-5910

JSON object : View

Products Affected

No product.

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2024-5910", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "USER", "baseScore": 9.3, "automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Red", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "LOW", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "subsequentSystemAvailability": "LOW", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "LOW", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-07-10T19:15:11.390", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-5910", "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.\n\nNote: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue."}, {"lang": "es", "value": "La falta de autenticaci\u00f3n para una funci\u00f3n cr\u00edtica en Palo Alto Networks Expedition puede provocar que los atacantes con acceso a la red de Expedition tomen el control de la cuenta de administrador de Expedition. Nota: Expedition es una herramienta que ayuda en la migraci\u00f3n, el ajuste y el enriquecimiento de la configuraci\u00f3n. Los secretos de configuraci\u00f3n, las credenciales y otros datos importados a Expedition est\u00e1n en riesgo debido a este problema."}], "lastModified": "2024-07-11T13:05:54.930", "sourceIdentifier": "psirt@paloaltonetworks.com"}

CVE-2024-5910

JSON object

Attach tags to CVE-2024-5910

Attach tags to `CVE-2024-5910`