File Enumeration Vulnerability in Expedition Migration Tool by Palo Alto Networks
CVE-2018-10142

7.5HIGH

Key Information:

Vendor: Palo Alto Networks
Status: Palo Alto Networks Expedition
Vendor: CVE Published:; 27 November 2018

Summary

The Expedition Migration Tool, versions 1.0.106 and prior, contains a vulnerability that permits unauthenticated attackers to enumerate files on the underlying operating system. This can expose sensitive information or lead to further exploitation within the system. It is crucial for users of the affected product to apply necessary precautions to mitigate the risk associated with this vulnerability.

Affected Version(s)

Palo Alto Networks Expedition Expedition 1.0.106 and earlier

References

http://www.securityfocus.com/bid/106069

vdb-entryx_refsource_BID

https://security.paloaltonetworks.com/CVE-2018-10142

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 27, 2018
Vulnerability Reserved
Apr 16, 2018