H-ISAC TLP White Palo Alto Networks Critical Expedition Flaw CVE-2024-5910 Is Being Exploited

The flaw, CVE-2024-5910, originally disclosed in July, is a missing authentication flaw that affects Palo Alto Networks’ Expedition, a firewall configuration migration tool. In the event of a successful attack, the flaw could allow threat actors with network access to gain control of an Expedition admin account. As a result, threat actors can gain access to configuration settings, credentials, and other potentially sensitive data imported into vulnerable Expedition instances. The flaw's CVSS score is 9.3.

Given the widespread use of Palo Alto Networks devices among the membership, Health-ISAC advises network administrators to prioritize patching this vulnerability in cases where this has not already been done as the most efficient way to mitigate the threat of exploitation. Additionally, it is advised to continuously monitor systems for suspicious activity to prevent possible intrusion.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272