
PAN-SA-2019-0004 Cross-Site Scripting in Expedition Migration Tool


Severity: 4.8 · MEDIUM
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Published: 2019-03-12
Updated: 2019-03-12
Ref#: MT-926, MT-927, MT-928 and MT-929 PAN-SA-2019-0004

Description

Three cross-site scripting (XSS) vulnerabilities exist in the Palo Alto Networks Migration Tool (“Expedition”). (Ref# MT-926 / CVE-2019-1569; MT-927 / CVE-2019-1570; MT-928, MT-929 / CVE-2019-1571)

CVE-2019-1569: Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML in the User Mapping settings.

CVE-2019-1570: Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML in the LDAP server settings.

CVE-2019-1571: Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML in the RADIUS server settings.

This issue affects Expedition 1.1.8 and earlier.

Note that this issue only impacts the Palo Alto Networks Migration Tool (“Expedition”), a tool available from the Palo Alto Networks Live site. This issue does not affect PAN-OS or any other supported product or service. For more information on Expedition, see: https://live.paloaltonetworks.com/t5/Expedition-Migration-Tool/ct-p/migration_tool.

CVE | CVSS | Summary
CVE-2019-1569 | 4.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N) | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user.
CVE-2019-1570 | 4.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N) | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings.
CVE-2019-1571 | 4.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N) | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings.

Product Status

Expedition

Versions | Affected | Unaffected
1.1 | <= 1.1.8 | >= 1.1.9

Severity: MEDIUM

CVSSv3.1 Base Score: 4.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)

Solution

Expedition 1.1.9 and later

Workarounds and Mitigations

N/A

Acknowledgements

  • Palo Alto Networks would like to thank Sayali Kulkarni of Tenable for reporting these issues.