Advisory

Palo Alto Networks releases patches for critical flaw in Expedition Tool

Take action: If you are running the Palo Alto Networks Expedition migration tool, restrict network access to it and patch to version 1.2.92 or later as soon as possible.


Learn More

Palo Alto Networks has issued security updates to mitigate five vulnerabilities affecting its products, including a critical flaw in the Expedition tool. Palo Alto Networks Expedition is a migration tool designed to facilitate the transition of configurations from various vendors to Palo Alto Networks' devices.

The critical vulnerability, tracked as CVE-2024-5910 (CVSS score 9.3), is a missing-authentication flaw in the Expedition migration tool that could allow an attacker with network access to take over an Expedition admin account. Configuration secrets, credentials, and other data imported into Expedition are then at risk of exposure. All versions of Expedition prior to 1.2.92 are affected.

Users are advised to upgrade to version 1.2.92 or later; where that is not immediately possible, restrict network access to Expedition to authorized users, hosts, or networks.

Palo Alto Networks also released patches for CVE-2024-3596, the BlastRADIUS flaw in the RADIUS protocol. An adversary-in-the-middle (AitM) attacker positioned between a PAN-OS firewall and its RADIUS server could abuse the flaw to bypass authentication and escalate privileges to 'superuser' on the firewall.

Affected products and versions for CVE-2024-3596:

  • PAN-OS 11.1: Versions < 11.1.3 (fixed in >= 11.1.3)
  • PAN-OS 11.0: Versions < 11.0.4-h4 (fixed in >= 11.0.4-h4)
  • PAN-OS 10.2: Versions < 10.2.10 (fixed in >= 10.2.10)
  • PAN-OS 10.1: Versions < 10.1.14 (fixed in >= 10.1.14)
  • PAN-OS 9.1: Versions < 9.1.19 (fixed in >= 9.1.19)
  • Prisma Access: All versions (fix expected on July 30)

Users are advised to update to the fixed versions listed above and not to use CHAP or PAP for RADIUS authentication unless the RADIUS traffic is carried inside an encrypted tunnel.
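The fixed-version table above is awkward to apply by hand because PAN-OS hotfix releases (the "-hN" suffix) sort above the base release they patch, so 11.0.4 is still vulnerable while 11.0.4-h4 is fixed. The following script, added here as an example and not code from Palo Alto Networks, turns the Expedition and PAN-OS fixed versions stated on this page into a triage check for an inventory list. The hostnames and version strings in SAMPLE_INVENTORY are constructed sample data, not real hosts; release trains not listed in this advisory (and Prisma Access, which has no fixed version on this page) are reported as "unlisted" rather than guessed.

```python
"""Triage an inventory against the fixed versions this advisory lists for
CVE-2024-5910 (Expedition) and CVE-2024-3596 (PAN-OS, BlastRADIUS).

Added example, not Palo Alto Networks code. Sample inventory is constructed.
"""

import re
from typing import Dict, List, Tuple

# Fixed versions per PAN-OS release train, exactly as listed in the advisory.
# Prisma Access has no fixed version on the page, so it is deliberately absent.
PANOS_FIXED = {
    (11, 1): "11.1.3",
    (11, 0): "11.0.4-h4",
    (10, 2): "10.2.10",
    (10, 1): "10.1.14",
    (9, 1): "9.1.19",
}
EXPEDITION_FIXED = "1.2.92"  # all earlier Expedition versions are affected

_PANOS_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos(version: str) -> Tuple[int, int, int, int]:
    """Parse 'major.minor.maint[-hN]' into a comparable tuple.

    A release without a hotfix suffix gets hotfix number 0, so it sorts below
    its own hotfixes (11.0.4 < 11.0.4-h4), which is what the table relies on.
    """
    m = _PANOS_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def panos_status(version: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unlisted' for CVE-2024-3596."""
    v = parse_panos(version)
    fixed = PANOS_FIXED.get(v[:2])
    if fixed is None:
        return "unlisted"  # train not covered by this advisory's table
    return "fixed" if v >= parse_panos(fixed) else "vulnerable"


def parse_expedition(version: str) -> Tuple[int, ...]:
    """Expedition versions are plain dotted integers (e.g. 1.2.92)."""
    return tuple(int(p) for p in version.strip().split("."))


def expedition_status(version: str) -> str:
    """Return 'vulnerable' or 'fixed' for CVE-2024-5910."""
    if parse_expedition(version) >= parse_expedition(EXPEDITION_FIXED):
        return "fixed"
    return "vulnerable"


# Constructed sample inventory: (hostname, product, version). Not real hosts.
SAMPLE_INVENTORY: List[Tuple[str, str, str]] = [
    ("fw-edge-01", "PAN-OS", "11.0.4-h3"),
    ("fw-edge-02", "PAN-OS", "11.0.4-h4"),
    ("fw-dc-01", "PAN-OS", "10.2.9-h1"),
    ("fw-dc-02", "PAN-OS", "10.2.10"),
    ("fw-lab-01", "PAN-OS", "11.2.0"),
    ("expedition-01", "Expedition", "1.2.91"),
    ("expedition-02", "Expedition", "1.2.92"),
]


def triage(inventory: List[Tuple[str, str, str]]) -> Dict[str, str]:
    """Map each host to its status so vulnerable ones can be isolated first."""
    results: Dict[str, str] = {}
    for host, product, version in inventory:
        if product == "PAN-OS":
            results[host] = panos_status(version)
        elif product == "Expedition":
            results[host] = expedition_status(version)
        else:
            results[host] = "unlisted"
    return results


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

A "vulnerable" PAN-OS result means the firewall is running a version below the fix; whether CVE-2024-3596 is actually exploitable on that firewall still depends on it being configured to authenticate against RADIUS with PAP or CHAP outside an encrypted tunnel, which this script does not inspect.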

The full list of security advisories published by Palo Alto Networks can be found here.
