Palo Alto Networks critical flaw in Expedition Migration Tool [CVE-2024-5910]
CVE number = CVE-2024-5910
CVSS Score = 9.3
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.
As a workaround you can ensure networks access to Expedition is restricted to authorized users, hosts, or networks.
This issue is fixed in Expedition 1.2.92 and all later versions.
Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.
I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.