CVE-2024-5910 Scanner

Palo Alto Expedition is a network migration tool developed by Palo Alto Networks and widely used by IT professionals and network administrators to simplify network security configuration and migration tasks. It facilitates the conversion and optimization of firewall configuration files from various vendors to Palo Alto's standards. The software is primarily deployed in enterprise environments where network complexity and compliance demands are high. It offers extensive automation for consolidating firewall rules and optimizing configurations, making it crucial for organizations aiming for more secure and manageable network structures. Expedition’s accessibility and feature set make it a popular choice for organizations aiming to manage and secure network transitions effectively.

This vulnerability exists in Palo Alto Expedition due to missing authentication for a critical function, allowing attackers with network access to take over the Expedition admin account. This issue represents a significant security risk as it enables unauthorized access to administrative controls. By exploiting this vulnerability, attackers can manipulate key configurations within Expedition, potentially leading to the complete compromise of the system. The criticality of this flaw highlights the need for organizations to address the gap promptly to avoid exploitation.

The specific vulnerability is found in an endpoint of the Palo Alto Expedition that manages admin account restoration and authentication bypass. The vulnerable endpoint, /OS/startup/restore/restoreAdmin.php, allows unauthenticated access, enabling attackers to reset or gain admin privileges without valid credentials. When accessed, this endpoint returns specific messages confirming the restoration of admin rights, which are exploitable by malicious entities. The weakness lies in the lack of proper access control mechanisms for this endpoint, leaving it exposed to unauthorized actions. Such gaps are highly critical as they enable potential attackers to take administrative control over Expedition.

When exploited, this vulnerability can lead to unauthorized admin access, compromising the integrity and security of network configurations. Attackers gaining control over Expedition can alter firewall rules and security policies, which may expose the organization’s entire network to further cyber-attacks. The takeover may also result in unauthorized access to sensitive network data and allow attackers to manipulate configurations, potentially disrupting network operations. This level of access undermines an organization’s ability to maintain secure network boundaries and can lead to significant financial and reputational damage.

With S4E’s scanner, organizations gain access to advanced vulnerability detection capabilities designed to secure critical assets from unauthorized access and cyber threats. By leveraging our platform, users can detect high-risk vulnerabilities like admin account takeovers before they impact their operations. With regular scans and detailed reports, organizations can proactively manage risks, optimize their security posture, and ensure compliance with industry standards. S4E’s easy-to-use platform helps businesses to safeguard against evolving threats, making it an essential tool for any security-conscious organization.

References:

• https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise
• https://security.paloaltonetworks.com/CVE-2024-5910
• https://nvd.nist.gov/vuln/detail/CVE-2024-5910