Admin Account Takeover
FortiGuard sensors continue to detect and block attack attempts targeting the Palo Alto Expedition vulnerabilities that could allow attackers to take over administrative accounts, putting configuration secrets, credentials, and other imported data within Expedition at serious risk.
Common Vulnerabilities and Exposures
Background
Expedition is a migration tool aiding in configuration migration, tuning, and enrichment from one of the supported vendors to Palo Alto Networks.
Last month, multiple other vulnerabilities in Palo Alto Networks Expedition were also discovered. Combined, these could potentially put organizations at risk of disclosure of information such as usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
- CVE-2024-5910 (Missing Authentication)
- CVE-2024-9463 (Unauthenticated command injection vulnerability)
- CVE-2024-9464 (Authenticated command injection vulnerability)
- CVE-2024-9465 (Unauthenticated SQL injection vulnerability)
- CVE-2024-9466 (Cleartext credentials stored in logs)
- CVE-2024-9467 (Unauthenticated reflected XSS vulnerability)
As of now, there is evidence of malicious exploitation of CVE-2024-5910, CVE-2024-9463, and CVE-2024-9465, which have also been added to the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) Catalog.
Latest Development
FortiGuard recommends that users apply the fix provided by the vendor and follow any mitigation steps provided. The FortiGuard Threat Research Team is actively monitoring the vulnerabilities and will update this report with any new developments.
- November 14, 2024: The Cybersecurity and Infrastructure Security Agency (CISA) added the Palo Alto Networks Expedition vulnerabilities CVE-2024-9463 and CVE-2024-9465 to the Known Exploited Vulnerabilities (KEV) Catalog.
  https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- November 08, 2024: CISA added CVE-2024-5910 to its Known Exploited Vulnerabilities (KEV) Catalog.
- November 08, 2024: FortiGuard Labs released a Threat Signal for the known exploited vulnerability CVE-2024-5910.
  https://www.fortiguard.com/threat-signal-report/5575
- October 10, 2024: Palo Alto Networks released security updates to address the vulnerability. This issue is fixed in Expedition 1.2.92 and all later versions.
  https://security.paloaltonetworks.com/CVE-2024-5910
- October 09, 2024: Palo Alto Networks released an advisory and update on multiple vulnerabilities in Palo Alto Networks Expedition.
  https://security.paloaltonetworks.com/PAN-SA-2024-0010
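The fix threshold given in the timeline above (Expedition 1.2.92 for CVE-2024-5910) can be turned into a quick inventory triage. The following is an added example written for this report, not code from FortiGuard or Palo Alto Networks; it assumes Expedition reports its version as major.minor.patch, and it takes only the 1.2.92 threshold stated on this page, so it says nothing about the fix status of the other CVEs listed here, whose fixed versions this page does not state. The hostnames and versions in the sample inventory are constructed.

```python
import re
from typing import List, Optional, Tuple

# Fixed version for CVE-2024-5910 as stated in the Palo Alto Networks advisory
# linked in the timeline above (assumed to apply to that CVE only).
FIXED_VERSION = "1.2.92"

# Accepts "1.2.92" or "v1.2.92"; anything else is treated as unknown.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)\s*$")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse 'major.minor.patch' into a tuple of ints for numeric comparison.

    Returns None when the string does not match, so callers can route the
    host to manual review instead of silently counting it as fixed.
    """
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_fixed(version: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if version >= fixed, False if older, None if either is unparseable.

    Comparing tuples of ints (not strings) matters: as plain strings
    "1.2.100" sorts before "1.2.92" and would be misreported as vulnerable.
    """
    v = parse_version(version)
    f = parse_version(fixed)
    if v is None or f is None:
        return None
    return v >= f


def triage_inventory(inventory: List[Tuple[str, str]]) -> dict:
    """Bucket (host, version) pairs into 'fixed', 'vulnerable' and 'unknown'."""
    result = {"fixed": [], "vulnerable": [], "unknown": []}
    for host, version in inventory:
        status = is_fixed(version)
        if status is None:
            result["unknown"].append(host)
        elif status:
            result["fixed"].append(host)
        else:
            result["vulnerable"].append(host)
    return result


# Constructed sample inventory: hostnames and versions are made up for this example.
SAMPLE_INVENTORY = [
    ("expedition-01.example.internal", "1.2.91"),
    ("expedition-02.example.internal", "1.2.92"),
    ("expedition-03.example.internal", "v1.3.0"),
    ("expedition-04.example.internal", "unknown"),
    ("expedition-05.example.internal", "1.2.100"),
]

if __name__ == "__main__":
    for bucket, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        for host in hosts:
            print(f"{bucket:10s} {host}")
```

Hosts that land in the "unknown" bucket (no version reported, or a format the regex does not accept) deserve a manual look rather than being dropped, since an unreachable or oddly reporting Expedition instance is exactly the kind of host that gets forgotten during patching.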
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- IPS
- IOC
- Outbreak Detection
- Threat Hunting
- Automated Response
- Assisted Response Services
- NOC/SOC Training
- End-User Training
- Attack Surface Monitoring (Inside & Outside)
- Attack Surface Hardening