CISA warns of critical Palo Alto Networks bug exploited in attacks

Today, CISA warned that attackers are exploiting a critical missing authentication vulnerability in Palo Alto Networks Expedition, a migration tool that can help convert firewall configuration from Checkpoint, Cisco, and other vendors to PAN-OS.

This security flaw, tracked as CVE-2024-5910, was patched in July, and threat actors can remotely exploit it to reset application admin credentials on Internet-exposed Expedition servers.

“Palo Alto Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data,” CISA says.

While the cybersecurity agency has yet to provide more details on these attacks, Horizon3.ai vulnerability researcher Zach Hanley released a proof-of-concept exploit in October that can help chain this admin reset flaw with a CVE-2024-9464 command injection vulnerability (patched last month) to gain “unauthenticated” arbitrary command execution on vulnerable Expedition servers.

CVE-2024-9464 can be chained with other security flaws (also addressed by Palo Alto Networks in October) to take over firewall admin accounts and hijack PAN-OS firewalls.

Admins who can’t immediately install security updates to block incoming attacks are advised to restrict Expedition network access to authorized users, hosts, or networks.

“All Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition. All firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating,” the company cautions.

Palo Alto Networks has yet to update its security advisory to warn customers of ongoing CVE-2024-5910 attacks.

CISA also added the vulnerability to its Known Exploited Vulnerabilities Catalog on Thursday. As required by the binding operational directive (BOD 22-01) issued in November 2021, U.S. federal agencies must now secure vulnerable Palo Alto Networks Expedition servers on their networks against attacks within three weeks, by November 28.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” the cybersecurity agency warned.

Sergiu Gatlan

Leave a Comment Cancel Reply

London, GB

3:02 am, Jun 29, 2025

20°C

L: 19° | H: 20°

Feels like 20°C° clear sky

Humidity: 82 %

Pressure: 1025 mb

Wind: 5 mph NW

Wind Gust: 9 mph

UV Index: 0

Precipitation: 0 mm

Clouds: 0%

Rain Chance: 0%

Visibility: 10 km

Sunrise: 4:46 am

Sunset: 9:21 pm

DailyHourly

Daily ForecastHourly Forecast

Today 10:00 pm

19° | 20°°C 0 mm 0% 7 mph 83 % 1025 mb 0 mm/h

Tomorrow 10:00 pm

20° | 35°°C 0.2 mm 20% 8 mph 67 % 1022 mb 0 mm/h

Tue Jul 01 10:00 pm

22° | 33°°C 0 mm 0% 10 mph 70 % 1017 mb 0 mm/h

Wed Jul 02 10:00 pm

17° | 27°°C 1 mm 100% 12 mph 91 % 1018 mb 0 mm/h

Thu Jul 03 10:00 pm

14° | 19°°C 1 mm 100% 14 mph 93 % 1026 mb 0 mm/h

Today 4:00 am

18° | 20°°C 0 mm 0% 5 mph 82 % 1025 mb 0 mm/h

Today 7:00 am

18° | 19°°C 0 mm 0% 5 mph 83 % 1025 mb 0 mm/h

Today 10:00 am

22° | 23°°C 0 mm 0% 4 mph 65 % 1025 mb 0 mm/h

Today 1:00 pm

28° | 28°°C 0 mm 0% 4 mph 41 % 1025 mb 0 mm/h

Today 4:00 pm

30° | 30°°C 0 mm 0% 4 mph 35 % 1023 mb 0 mm/h

Today 7:00 pm

28° | 28°°C 0 mm 0% 0 mph 34 % 1021 mb 0 mm/h

Today 10:00 pm

25° | 25°°C 0 mm 0% 7 mph 54 % 1022 mb 0 mm/h

Tomorrow 1:00 am

22° | 22°°C 0 mm 0% 7 mph 63 % 1022 mb 0 mm/h

Name	Price	24H (%)
Bitcoin(BTC)	€91,607.23	0.29%
Ethereum(ETH)	€2,074.27	0.65%
Tether(USDT)	€0.85	-0.01%
XRP(XRP)	€1.86	0.75%
Solana(SOL)	€128.31	5.87%
USDC(USDC)	€0.85	0.00%
Dogecoin(DOGE)	€0.139533	1.48%
Shiba Inu(SHIB)	€0.000010	1.54%
Pepe(PEPE)	€0.000009	3.36%

CISA warns of critical Palo Alto Networks bug exploited in attacks

Share:

Leave a Comment Cancel Reply

Utility link

Useful link

Newsletter

Follow Us