virus logo Intrusion Prevention

Palo.Alto.Networks.Expedition.Admin.Password.Reset

description-logoDescription

This indicates an attack attempt to exploit an Authentication Bypass vulnerability in Palo Alto Networks Expedition.
The vulnerability is due to improper handling of user-supplied inputs. A remote, unauthenticated attacker can exploit the vulnerability by sending a crafted Admin password reset request to the vulnerable device. Successfully exploiting the vulnerability could allow an attacker to login using the default password.

description-logoOutbreak Alert

FortiGuard sensors continue to detect and block attack attempts targeting the Palo Alto Expedition vulnerabilities that could allow attackers to take over administrative accounts, putting configuration secrets, credentials, and other imported data within Expedition at serious risk.

View the full Outbreak Alert Report

affected-products-logoAffected Products

Palo Alto Networks Expedition versions before 1.2.96

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://security.paloaltonetworks.com/PAN-SA-2024-0010

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2024-10-28 28.891
Modified
 Default_action:pass:drop
2024-10-11 28.882
New
ID 56726
Created Oct 10, 2024
Updated Oct 25, 2024
CVE ID
Tags Palo Alto Expedition Vulnerability Threat Signal
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Known Exploited Yes
Exploit Prediction Score 91.03%
Default Action drop
Active
Affected OS Linux
Affected App Other
Profile Type Permission/Privilege/Access Control