CVE-2020-1977

Published: Feb 12, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.

Affected (1)

Products: Paloaltonetworks: Expedition Migration Tool

Paloaltonetworks

1 product

Expedition Migration Tool

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Paloaltonetworks Expedition Migration Tool	From 1.1 to 1.1.51

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://security.paloaltonetworks.com/CVE-2020-1977

Source: psirt@paloaltonetworks.com

Vendor Advisory

https://www.tenable.com/security/research/tra-2020-11

Source: psirt@paloaltonetworks.com

Third Party Advisory

https://security.paloaltonetworks.com/CVE-2020-1977

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.tenable.com/security/research/tra-2020-11

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.