PT-2018-2009 · Palo Alto Networks · Palo Alto Networks Expedition Migration Tool

Reginald Dodd · Published 2018-12-11 · Updated 2020-02-17 · CVE-2018-10143

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Palo Alto Networks Expedition Migration tool version 1.0.107 and earlier

Description

The issue allows an unauthenticated attacker with remote access to run system-level commands on the device hosting the service/application. It is due to insufficient input validation in the Palo Alto Networks Migration Tool, which can be exploited by a local attacker to execute arbitrary code with system privileges using a specially crafted request.

Recommendations

For version 1.0.107 and earlier, update to a newer version to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2018-01625
CVE-2018-10143

Affected Products

Palo Alto Networks Expedition Migration Tool