Palo Alto Networks fixed a critical bug in the Expedition tool

Pierluigi Paganini July 12, 2024

Palo Alto Networks addressed five vulnerabilities impacting its products, including a critical authentication bypass issue.

Palo Alto Networks released security updates to address five security flaws impacting its products, the most severe issue, tracked as CVE-2024-5910 (CVSS score: 9.3), is a missing authentication for a critical function in Palo Alto Networks Expedition that can lead to an admin account takeover.

Palo Alto Networks Expedition is a tool designed to help users transition to and optimize Palo Alto Networks’ next-generation firewalls. It assists with the migration of configurations from other firewall vendors and legacy Palo Alto Networks devices to newer models. Additionally, Expedition provides automation and best practice adoption to improve security posture and operational efficiency.

“Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.” . “Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.”

The vulnerability affects Expedition versions before 1.2.92. The researcher Brian Hysell reported the flaw to the security vendor.

The company is not aware of any attacks in the wild or public exploits targeting this issue.

The company recommends restricting network access to Expedition to authorized users, hosts, or networks.

Palo Alto also addressed a File Upload Vulnerability, tracked as (CVSS score: 7.0), in the Panorama Web Interface of PAN-OS.

“An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama.” . “Repeated attacks eventually cause the Panorama to enter maintenance mode, which requires manual intervention to bring the Panorama back online.”

The remaining issues addressed by the security vendor are:

6.8Cortex XDR Agent 8.4Cortex XDR Agent 8.3-CECortex XDR Agent 8.3Cortex XDR Agent 8.2Cortex XDR Agent 7.9-CENoneNoneNone< 8.2.2< 7.9.102-CEAllAllAll>= 8.2.2>= 7.9.102-CE2024-07-102024-07-10
5.4Cloud NGFWPAN-OS 11.2PAN-OS 11.1PAN-OS 11.0PAN-OS 10.2PAN-OS 10.1Prisma AccessNone< 11.2.1< 11.1.4< 11.0.5< 10.2.10< 10.1.14-h2NoneAll>= 11.2.1>= 11.1.4>= 11.0.5>= 10.2.10>= 10.1.14-h2All2024-07-102024-07-10
5.3Cloud NGFWPAN-OS 11.2PAN-OS 11.1PAN-OS 11.0PAN-OS 10.2PAN-OS 10.1PAN-OS 9.1Prisma AccessNoneNone< 11.1.3< 11.0.4-h4< 10.2.10< 10.1.14< 9.1.19AllAllAll>= 11.1.3>= 11.0.4-h4>= 10.2.10>= 10.1.14>= 9.1.19None (Fix ETA: July 30)2024-07-102024-07-10

Follow me on Twitter:  and  and Mastodon

(SecurityAffairs – hacking, Palo Alto )



you might also like

leave a comment