cbcvebase.
CVE-2020-1977
published 2020-02-12

CVE-2020-1977: Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of…

PriorityP343high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
0.51%
39.6th percentile
Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.

Affected

3 ranges
VendorProductVersion rangeFixed in
palo_alto_networksexpedition1.1 – 1.1.51
paloaltoexpedition
paloaltonetworksexpedition_migration_tool1.1 – 1.1.51

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.