Arbitrary Code Execution in Expedition Migration Tool by Palo Alto Networks
CVE-2019-1567

5.4MEDIUM

Key Information:

Vendor
CVE Published:
9 April 2019

Summary

The Expedition Migration tool, version 1.1.6 and earlier, contains a vulnerability that could be exploited by authenticated attackers to execute arbitrary JavaScript or HTML code within the User Mapping Settings. This weakness could lead to serious security implications, including unauthorized data access and manipulation, compromising the integrity of the system. Organizations using affected versions should take immediate action to mitigate the risk associated with this vulnerability.

Affected Version(s)

Palo Alto Networks Expedition Migration Tool Expedition 1.1.6 and earlier

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.