CVE-2024-5910
CRITICAL KEV NUCLEI
Palo Alto Expedition Remote Code Execution (CVE-2024-5910 and CVE-2024-9464)
Title source: metasploit
Description
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.
Exploits (4)
exploitdb
WORKING POC
by ByteHunter · python · webapps · multiple
https://www.exploit-db.com/exploits/52129
nomisec
by p33d · poc
https://github.com/p33d/Palo-Alto-Expedition-Remote-Code-Execution-Exploit-CVE-2024-5910-CVE-2024-9464
metasploit
WORKING POC
EXCELLENT
by Michael Heinzl, Zach Hanley, Enrique Castillo, Brian Hysell · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/paloalto_expedition_rce.rb
Nuclei Templates (1)
Palo Alto Expedition - Admin Account Takeover
CRITICAL · VERIFIED · by johnk3r
Shodan:
http.favicon.hash:1499876150
References (3)
Scores
CVSS v3: 9.8
EPSS: 0.9103
EPSS Percentile: 99.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CISA KEV: 2024-11-07
VulnCheck KEV: 2024-11-07
InTheWild.io: 2024-11-07
ENISA EUVD: EUVD-2024-47042
CWE: CWE-306
Status: published
Products (1)
paloaltonetworks/expedition
1.2.0 - 1.2.92
Published: Jul 10, 2024
KEV Added: Nov 07, 2024
Tracked Since: Feb 18, 2026