ГлавнаяУязвимости → CVE-2024-5910
9.8критическая

CVE-2024-5910

→ есть в БДУ: BDU:2024-06369 (на русском)
Описание (на английском; русское — в БДУ выше)

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.

Затрагиваемое ПО
Paloaltonetworks Expedition
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://security.paloaltonetworks.com/CVE-2024-5910https://security.paloaltonetworks.com/CVE-2024-5910https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromisehttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-5910