PT-2020-3032 · Palo Alto Networks · Expedition Migration Tool

Jimi Sebree · Published 2020-02-12 · Updated 2021-12-30 · CVE-2020-1977

CVSS v2.0

9.3 High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Expedition Migration Tool versions 1.1.51 and earlier

Description

The issue is caused by insufficient Cross-Site Request Forgery (XSRF) protection, which a remote attacker can exploit to hijack the authentication of administrators and perform actions on the Expedition Migration Tool. This can allow the attacker to impersonate a user during a session and execute arbitrary code.

Recommendations

For Expedition Migration Tool versions 1.1.51 and earlier, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Expedition Migration Tool to minimize the risk of exploitation.

Fix

CSRF


Weakness Enumeration

Related Identifiers

BDU:2020-03287
CVE-2020-1977

Affected Products

Expedition Migration Tool