Expedition Migration Tool: Insufficient Cross Site Request Forgery protection.
CVE-2020-1977

7.5HIGH

Key Information:

Vendor: Palo Alto Networks
Status: Expedition
Vendor: CVE Published:; 12 February 2020

Summary

Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.

Affected Version(s)

Expedition 1.1 <= 1.1.51

References

https://security.paloaltonetworks.com/CVE-2020-1977

x_refsource_MISC

https://www.tenable.com/security/research/tra-2020-11

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2020
Vulnerability Reserved
Dec 4, 2019

Collectors

NVD DatabaseMitre Database

Credit

Palo Alto Networks thanks Jimi Sebree of Tenable Research for discovering and responsibly reporting this issue.