PT-2018-2064 · Fortinet · Expedition Migration Tool

Paragonsec

Published

2018-11-20

Updated

2020-02-17

CVE-2018-10142

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Expedition Migration Tool versions 1.0.106 and earlier

Description The issue is related to weaknesses in the authentication procedure of the Expedition Migration Tool. This can allow a remote attacker to gain access to protected information. An unauthenticated attacker may be able to enumerate files on the operating system.

Recommendations For versions 1.0.106 and earlier, update to a version that addresses the authentication weaknesses to prevent unauthorized access and file enumeration. As a temporary workaround, consider restricting access to the Expedition Migration Tool to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2019-00014

CVE-2018-10142

Affected Products

Expedition Migration Tool

PT-2018-2064 · Fortinet · Expedition Migration Tool

CVE-2018-10142

Weakness Enumeration

Related Identifiers

Affected Products

References · 6