CVE-2020-1977
Published 2020-02-12
CVE-2020-1977: Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of…
Priority P343 · high · 8.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS 0.51% · 39.6th percentile
Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | expedition | 1.1 – 1.1.51 | — |
| paloalto | expedition | — | — |
| paloaltonetworks | expedition_migration_tool | 1.1 – 1.1.51 | — |
CVSS provenance
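| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |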
Palo Alto
Expedition Migration Tool: Insufficient Cross Site Request Forgery protection.
vendor_paloalto·2020-02-12·CVSS 8.8
CVE-2020-1977 [HIGH] CWE-352 Expedition Migration Tool: Insufficient Cross Site Request Forgery protection.
Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.
Affected products: Expedition
Solution: This issue is fixed in Expedition Migration Tool 1.1.52 and later versions.
Workaround: To prevent the chance of malicious websites making forged requests to Expedition Migration Tool, you should access the tool exclusively from a web browser and log out after each use.
GHSA
GHSA-mvx2-hxjc-7fjw: Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentic
ghsa_unreviewed·2022-05-24
CVE-2020-1977 [MEDIUM] CWE-352 GHSA-mvx2-hxjc-7fjw: Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentic
Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-02-12