CVE-2020-1977 — Cross-Site Request Forgery in Palo Alto Networks Expedition

CWE-352 — Cross-Site Request Forgery4 documents4 sources

Severity

8.8HIGHNVD

CNA7.5

EPSS

0.2%

top 58.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Expedition Paloaltonetworks Expedition Migration Tool Paloalto Expedition

Timeline

PublishedFeb 12

Latest updateMay 24

Description

Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDpaloaltonetworks/expedition_migration_tool1.1 — 1.1.51

▶CVEListV5palo_alto_networks/expedition1.1 — 1.1.51

▶Palo Altopaloalto/expedition

🔴Vulnerability Details

GHSA

GHSA-mvx2-hxjc-7fjw: Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentic↗2022-05-24

▶

CVEList

Expedition Migration Tool: Insufficient Cross Site Request Forgery protection.↗2020-02-12

▶

📋Vendor Advisories

Palo Alto

Expedition Migration Tool: Insufficient Cross Site Request Forgery protection.↗2020-02-12

▶