search

ums91 / CISA_BOT

CISA Bot is a GitHub bot that automatically monitors the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog. When new vulnerabilities are published in the KEV, the bot creates GitHub issues in this repository with detailed information about each vulnerability.
2 stars 0 forks source link

2024/11 : Internal-CISA - Palo Alto Expedition - CVE-2024-5910 #139

Closed ums91 closed 3 hours ago

ums91 commented 3 hours ago

Summary

Confirm if Palo Alto Expedition vulnerability below is applicable to any systems.

Reference

From CISA Known Exploited Vulnerabilities Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

CVE-2024-5910

Severity

UNKNOWN - CVSS vTBD - (No NVD record available at time of creation)

Detailed description of the vulnerability

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.

Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.

Reporter

CISA

ums91 commented 3 hours ago

This vulnerability is not applicable to any systems.