CVE-2024-5910

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 10 July 2024
Modified: 04 November 2025
KEV Added: 07 November 2024
Patch:
CVSS v4 Score: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Red)
EPSS Score: 0.9103 (99.7th percentile)
Risk Priority: 93 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-5910 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Palo Alto Networks Expedition. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 0.3% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication, Organizational Users).

Deeper analysis

CVE-2024-5910 is a missing authentication for critical function vulnerability, tracked under CWE-306, that affects Palo Alto Networks Expedition. The tool assists with configuration migration, tuning, and enrichment, and the flaw can result in admin account takeover when an attacker has network access to an Expedition instance. Imported configuration secrets, credentials, and other data are placed at risk by successful exploitation.

Attackers with network access to Expedition can exploit the issue without any authentication to seize administrative control of the application. This grants them the ability to access or exfiltrate sensitive data stored within the system.

Palo Alto Networks has published security advisories for the vulnerability, and it appears in the CISA Known Exploited Vulnerabilities catalog.

The associated EPSS score reached a peak of 0.9710 with a current value of 0.9103, and public research demonstrating full compromise paths has been released alongside the disclosure.

Vulnerability details

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition are at risk due to this issue.

CWE(s): CWE-306 (Missing Authentication for Critical Function)
KEV Date Added: 07 November 2024

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1078.003 Local Accounts (Stealth)
Adversaries may obtain and abuse credentials of a local account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

T1552.001 Credentials In Files (Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

Why these techniques?

Missing authentication on admin password reset enables exploitation of a public-facing web application (T1190) for local admin account takeover (T1078.003), exposing stored configuration secrets and credentials (T1552.001).

Affected Assets

Vendor: paloaltonetworks
Product: expedition
Versions: 1.2.0 through 1.2.92

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)
Directly enforces authentication and authorization checks on all critical functions, blocking the unauthenticated admin takeover path described in CVE-2024-5910.

IA-2 Identification and Authentication (Organizational Users) (prevent)
Requires identification and authentication of users before granting access to Expedition, eliminating the missing-authentication condition that enables remote account takeover.

AC-17 Remote Access (partial match, prevent)
Mandates authenticated and authorized remote access mechanisms for Expedition, limiting the network-access attack surface that allows unauthenticated exploitation.