Critical PAN-OS Vulnerability CVE-2024-5910 Poses Immediate Threat, CISA Urges Swift Action

November 8, 2024
  • On November 8, 2024, Palo Alto Networks issued a warning about a potential remote code execution vulnerability in the management interface of its PAN-OS, identified as CVE-2024-5910.

  • CVE-2024-5910, which has a critical CVSS score of 9.3, involves a missing authentication flaw in the Expedition migration tool, potentially allowing attackers to take over admin accounts.

  • This advisory follows a recent alert from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which added CVE-2024-5910 to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to secure their systems by November 28, 2024.

  • CISA also warned of ongoing attacks exploiting this critical vulnerability, indicating that it is actively being targeted.

  • Users are advised to restrict inbound IP addresses to approved management devices and permit only secure communication methods such as SSH and HTTPS.

  • CISA emphasized that vulnerabilities like CVE-2024-5910 are common attack vectors for malicious actors and pose significant risks to federal enterprises.

  • Prisma Access and cloud NGFW services are currently believed to be unaffected by this potential vulnerability.

  • Zach Hanley, a vulnerability researcher, has released a proof-of-concept exploit that combines CVE-2024-5910 with another vulnerability, CVE-2024-9464, enabling unauthorized command execution on affected servers.

  • While Palo Alto Networks is aware of the vulnerability claim, it has not observed any active exploitation attempts and is monitoring the situation closely.

  • To mitigate risks, Palo Alto Networks recommends securing management interface access by limiting it to trusted internal IPs, isolating it on a dedicated management VLAN, and using jump servers for access.

  • In July 2024, Palo Alto Networks released security updates addressing five vulnerabilities, with CVE-2024-5910 being the most critical.

  • CVE-2024-9464 is linked to other previously addressed vulnerabilities, potentially allowing attackers to hijack PAN-OS firewalls.
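
The access restrictions recommended above (approved management sources only, SSH and HTTPS only) can be checked mechanically. The following is an added example, not code from Palo Alto Networks or the sources summarized here; the rule format, rule names and address ranges are constructed assumptions, not PAN-OS configuration syntax.

```python
import ipaddress

# Assumption: jump servers sit in this dedicated management VLAN range.
APPROVED_MGMT_NETS = [ipaddress.ip_network("10.20.30.0/28")]
# Only the secure protocols named in the guidance are acceptable.
SECURE_SERVICES = {"ssh", "https"}

# Constructed sample of management-interface access rules:
# (rule name, permitted source CIDR, permitted service)
SAMPLE_RULES = [
    ("jump-ssh", "10.20.30.4/32", "ssh"),
    ("jump-https", "10.20.30.0/28", "https"),
    ("legacy-http", "10.20.30.5/32", "http"),
    ("any-https", "0.0.0.0/0", "https"),
    ("office-lan", "10.0.0.0/8", "ssh"),
    ("vendor", "203.0.113.10/32", "https"),
]

def audit_rule(source, service):
    """Return the list of findings for one access rule (empty if compliant)."""
    findings = []
    net = ipaddress.ip_network(source, strict=False)
    if service.lower() not in SECURE_SERVICES:
        findings.append("insecure-service")
    if net.prefixlen == 0:
        # Management interface reachable from any address.
        findings.append("open-to-any")
    elif not any(net.version == ok.version and net.subnet_of(ok)
                 for ok in APPROVED_MGMT_NETS):
        # Source is broader than, or outside, the approved management range.
        findings.append("outside-approved-range")
    return findings

def audit(rules):
    """Map each non-compliant rule name to its findings."""
    report = {}
    for name, source, service in rules:
        findings = audit_rule(source, service)
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES).items():
        print(f"{name}: {', '.join(findings)}")
```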

Summary based on 3 sources

