November 12, 2024: CISA has listed a now-patched critical security flaw in Palo Alto Networks Expedition, tracked as CVE-2024-5910, citing evidence of active exploitation.
The vulnerability carries a CVSS score of 9.3/10 and stems from missing authentication in Palo Alto’s Expedition migration tool, which could allow an account takeover.
Impact of Palo Alto Expedition Migration Tool Vulnerability
The flaw affects all versions of Expedition prior to version 1.2.92. That version was released in July of 2024 to fix the issue.
The missing authentication could allow cyber threat actors to take over an Expedition admin account and potentially access configuration secrets, credentials and other data, according to CISA.
The flaw was discovered and patched in July of 2024. While there were no reports of real-world incidents initially, CISA now cites evidence of the flaw being actively exploited.
Patching and Mitigating Palo Alto Expedition Migration Tool
Users are recommended to update to the latest version (1.2.92), which remediates the issue.
As a workaround where updates aren’t applied, Palo Alto Networks recommends restricting access to Expedition to authorized users, hosts and networks.
Expedition users should also be aware that Palo Alto Networks will no longer support the Expedition Migration tool as of January 2025, including all versions of the 1 and 2 branches, which will affect support and patches for issues such as this vulnerability in the future.
Solutions
If you are concerned about this flaw impacting your network, contact SecuLore for more information on a monitoring option that detects malicious traffic attempting to exploit vulnerabilities on your network.
SecuLore CyberSight™ provides management of your attack surface and monitoring through our patented technology to detect vulnerabilities in your network and detect anomalous behavior. The technology passively captures all traffic on your network to identify threats that are often missed by other layers of security. The packet captures are sent to our Security Operations Center to be processed via a unique behavioral analysis that is constantly reviewed by our team of CEH (Certified Ethical Hackers).
Stay cyber-safe,
SecuLore Support Team