CVE-2018-10142 Information Disclosure in Expedition Migration Tool
An information disclosure vulnerability exists in the Palo Alto Networks Migration Tool (“Expedition”). (Ref # MT-750/CVE-2018-10142)
Successful exploitation of this issue may allow an unauthenticated attacker to enumerate files on the operating system.
This issue affects Expedition 1.0.106 and earlier.
Note that this issue only impacts the Palo Alto Networks Migration Tool (“Expedition”), a tool available from the Palo Alto Networks Live site. This issue does not affect PAN-OS or any other supported product or service. For more information on Expedition, see: https://live.paloaltonetworks.com/t5/Expedition-Migration-Tool/ct-p/migration_tool.
|Expedition 1.0||<= 1.0.106||>= 1.0.107|
CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Expedition 1.0.107 and later
Workarounds and Mitigations