Skip to main content

Expedition CVE-2024-5910

CRITICAL
Missing Authentication for Critical Function (CWE-306)
2024-07-10 psirt@paloaltonetworks.com
9.3
CVSS 4.0 · Vendor: paloaltonetworks
Share

Severity by source

Vendor (paloaltonetworks) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Red

Primary rating from Vendor (paloaltonetworks) · only source for this CVE.

CVSS VectorVendor: paloaltonetworks

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Red
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Added to CISA KEV
Jul 14, 2026 - 04:22 CISA
CVE Published
Jul 10, 2024 - 19:15 cve.org
CRITICAL 9.3

DescriptionCVE.org

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.

Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.

AnalysisAI

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue. Affected products include: Paloaltonetworks Expedition.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.

CVE-2025-0107 HIGH POC
7.7 Jan 11

Palo Alto Networks Expedition contains an unauthenticated OS command injection vulnerability that allows attackers to ex

CVE-2024-9463 CRITICAL POC
9.9 Oct 09

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitra

CVE-2018-10143 CRITICAL POC
9.8 Dec 12

The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote a

CVE-2024-9465 CRITICAL POC
9.2 Oct 09

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition

CVE-2024-9464 CRITICAL
9.3 Oct 09

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary

CVE-2019-1571 MEDIUM POC
4.8 Mar 26

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML

CVE-2019-1570 MEDIUM POC
4.8 Mar 26

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML

CVE-2019-1569 MEDIUM POC
4.8 Mar 26

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML

CVE-2024-9466 HIGH
8.2 Oct 09

A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated atta

CVE-2018-10142 HIGH
7.5 Nov 27

The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operat

CVE-2024-9467 HIGH
7.0 Oct 09

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context

CVE-2025-0106 MEDIUM
6.9 Jan 11

A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate file

Share

CVE-2024-5910 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy