CVE-2018-10143

9.8CRITICAL

Key Information:

Vendor: Palo Alto Networks
Status: Palo Alto Networks Expedition
Vendor: CVE Published:; 12 December 2018

Summary

The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application.

Affected Version(s)

Palo Alto Networks Expedition Expedition 1.0.107 and earlier

References

http://www.securityfocus.com/bid/106174

vdb-entryx_refsource_BID

https://doddsecurity.com/234/command-injection-on-palo-al...

x_refsource_MISC

https://security.paloaltonetworks.com/CVE-2018-10143

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2018
Vulnerability Reserved
Apr 16, 2018

Collectors

NVD DatabaseMitre Database