Palo Alto Networks fixed a critical bug in the Expedition tool


Palo Alto Networks fixed a critical bug in the Expedition tool

Pierluigi Paganini
Palo Alto Networks fixed a critical bug in the Expedition tool July 12, 2024

Palo Alto Networks fixed a critical bug in the Expedition tool

Palo Alto Networks addressed five vulnerabilities impacting its products, including a critical authentication bypass issue.

Palo Alto Networks released security updates to address five security flaws impacting its products, the most severe issue, tracked as CVE-2024-5910 (CVSS score: 9.3), is a missing authentication for a critical function in Palo Alto Networks Expedition that can lead to an admin account takeover.

Palo Alto Networks Expedition is a tool designed to help users transition to and optimize Palo Alto Networks’ next-generation firewalls. It assists with the migration of configurations from other firewall vendors and legacy Palo Alto Networks devices to newer models. Additionally, Expedition provides automation and best practice adoption to improve security posture and operational efficiency.

“Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.” reads the advisory. “Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.”

The vulnerability affects Expedition versions before 1.2.92. The researcher Brian Hysell reported the flaw to the security vendor.

The company is not aware of any attacks in the wild or public exploits targeting this issue.

The company recommends restricting network access to Expedition to authorized users, hosts, or networks.

Palo Alto also addressed a File Upload Vulnerability, tracked as CVE-2024-5911 (CVSS score: 7.0), in the Panorama Web Interface of PAN-OS.

“An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama.” reads the advisory. “Repeated attacks eventually cause the Panorama to enter maintenance mode, which requires manual intervention to bring the Panorama back online.”

The remaining issues addressed by the security vendor are:

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, Palo Alto )







Source link