CVE-2018-10142
published 2018-11-27CVE-2018-10142: The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system.
PriorityP347high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EPSS
2.16%
79.9th percentile
The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | palo_alto_networks_expedition | — | — |
| paloalto | expedition | — | — |
| paloaltonetworks | expedition | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Palo Alto
Information Disclosure in Expedition Migration Tool
vendor_paloalto·2018-11-20·CVSS 7.5
CVE-2018-10142 [HIGH] CWE-200 Information Disclosure in Expedition Migration Tool
Information Disclosure in Expedition Migration Tool
An information disclosure vulnerability exists in the Palo Alto Networks Migration Tool (“Expedition”). (Ref # MT-750/CVE-2018-10142)
Successful exploitation of this issue may allow an unauthenticated attacker to enumerate files on the operating system.
This issue affects Expedition 1.0.106 and earlier.
Note that this issue only impacts the Palo Alto Networks Migration Tool (“Expedition”), a tool available from the Palo Alto Networks Live site. This issue does not affect PAN-OS or any other supported product or service. For more information on Expedition, see: https://live.paloaltonetworks.com/t5/Expedition-Migration-Tool/ct-p/migration_tool.
Affected products: Expedition
Solution: Expedition 1.0.107 and later
Workaround: N/A
GHSA
GHSA-gjgw-92x5-xgw4: The Expedition Migration tool 1
ghsa_unreviewed·2022-05-13
CVE-2018-10142 [HIGH] CWE-200 GHSA-gjgw-92x5-xgw4: The Expedition Migration tool 1
The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system.
No detection rules found.
No writeups or analysis indexed.
2018-11-27
Published