CVE-2018-10143 — Improper Privilege Management in Palo Alto Networks Expedition

CWE-269 — Improper Privilege Management4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

28.1%

top 3.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Expedition Paloaltonetworks Expedition Paloalto Expedition

Timeline

PublishedDec 12

Latest updateMay 13

Description

The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDpaloaltonetworks/expedition1.0.107

▶CVEListV5palo_alto_networks/palo_alto_networks_expeditionExpedition 1.0.107 and earlier

▶Palo Altopaloalto/expedition

🔴Vulnerability Details

GHSA

GHSA-r6rp-496r-7c7f: The Palo Alto Networks Expedition Migration tool 1↗2022-05-13

▶

CVEList

CVE-2018-10143: The Palo Alto Networks Expedition Migration tool 1↗2018-12-12

▶

📋Vendor Advisories

Palo Alto

Remote Code Execution in Expedition Migration Tool↗2018-12-11

▶