Get supportSecurity advisories
Subscriptions
Report vulnerabilities
Palo Alto Networks Security Advisories / CVE-2018-10142

CVE-2018-10142 Information Disclosure in Expedition Migration Tool


Severity 7.5 · HIGH
Attack Vector NETWORK
Attack Complexity LOW
Privileges Required NONE
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact HIGH
Integrity Impact NONE
Availability Impact NONE
NVD JSON
Published: 2018-11-20
Updated: 2018-11-20
Ref#: MT-750 PAN-SA-2018-0016

Description

An information disclosure vulnerability exists in the Palo Alto Networks Migration Tool (“Expedition”). (Ref # MT-750/CVE-2018-10142)

Successful exploitation of this issue may allow an unauthenticated attacker to enumerate files on the operating system.

This issue affects Expedition 1.0.106 and earlier.

Note that this issue only impacts the Palo Alto Networks Migration Tool (“Expedition”), a tool available from the Palo Alto Networks Live site. This issue does not affect PAN-OS or any other supported product or service. For more information on Expedition, see: https://live.paloaltonetworks.com/t5/Expedition-Migration-Tool/ct-p/migration_tool.

Product Status

Expedition

VersionsAffectedUnaffected
1.0<= 1.0.106>= 1.0.107

Severity: HIGH

CVSSv3.1 Base Score: 7.5 ( CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N )

Solution

Expedition 1.0.107 and later

Workarounds and Mitigations

N/A

Acknowledgements

  • Palo Alto Networks would like to thank Quentin (Paragonsec) Rhoads-Herrera of Critical Start – Section 8 for reporting this issue.
© 2020 Palo Alto Networks, Inc. All rights reserved.