According to CISA, a Palo Alto Networks Expedition vulnerability patched a few months ago is being exploited in attacks. Palo Alto Networks patched CVE-2024-5910 in July. The vulnerability is described as a critical missing authentication issue allowing an attacker with network access to Expedition to take over an admin account. Expedition is a tool designed to make it easier for users to migrate a configuration from a third-party vendor such as Checkpoint or Cisco to a Palo Alto Networks product. According to Palo Alto, “configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.” CISA has added CVE-2024-5910 to its Known Exploited Vulnerabilities (KEV) catalog, instructing federal agencies to address it by the end of the month. This is the second Palo Alto Networks product vulnerability added to the KEV list this year.
SecurityWeek reports: "Palo Alto Networks Expedition Vulnerability Exploited in Attacks, CISA Warns"