Paloalto Expedition vulnerabilities

7 known vulnerabilities affecting paloalto/expedition.

Total CVEs: 7
CISA KEV: 2 (actively exploited)
Public exploits: 2
Exploited in wild: 2
Severity breakdown: CRITICAL 3, HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2024-5910 | CRITICAL | CVSS 9.3 | KEV | PoC | 2024-07-10
CVE-2024-5910 [CRITICAL] CWE-306 Expedition: Missing Authentication Leads to Admin Account Takeover. Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Ex
paloalto
CVE-2021-44228 | CRITICAL | CVSS 10.0 | KEV | PoC | 2021-12-10
CVE-2021-44228 [CRITICAL] CWE-94 Impact of Log4j Vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832. Apache Log4j Java library is vulnerable to a remote code execution vulnerability CVE-2021-44228, known as Log4Shell, and related vulnerabilities CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832. Log4Shell allows remote unauthenticated attackers with the ability to i
paloalto
CVE-2020-1977 | HIGH | CVSS 8.8 | 2020-02-12
CVE-2020-1977 [HIGH] CWE-352 Expedition Migration Tool: Insufficient Cross Site Request Forgery protection. Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions. Affect
paloalto
CVE-2019-1574 | MEDIUM | CVSS 5.4 | 2019-04-11
CVE-2019-1574 [MEDIUM] CWE-79 Cross-Site Scripting in Expedition Migration Tool. A cross-site scripting (XSS) vulnerability exists in the Palo Alto Networks Migration Tool (“Expedition”). (Ref # MT-1009/ CVE-2019-1574) Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML in the Devices View. This issue affects Expedition 1.1.12 and earlier. Note that this issue only impacts the Palo Alto
paloalto
CVE-2019-1567 | MEDIUM | CVSS 5.4 | 2019-02-28
CVE-2019-1567 [MEDIUM] CWE-79 Stored Cross-Site Scripting in Expedition Migration Tool. A stored cross-site scripting (XSS) vulnerability exists in the Palo Alto Networks Migration Tool (“Expedition”). (Ref # MT-908/ CVE-2019-1567) Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML in the User Mapping Settings. This issue affects Expedition 1.1.6 and earlier. Affected products:
paloalto
CVE-2018-10143 | CRITICAL | CVSS 9.8 | 2018-12-11
CVE-2018-10143 [CRITICAL] CWE-269 Remote Code Execution in Expedition Migration Tool. A remote code execution vulnerability exists in the Palo Alto Networks Migration Tool (“Expedition”). (Ref # MT-794/ CVE-2018-10143) Successful exploitation of this issue may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application. This issue affects Expedition 1.0.107 and earlier. Note t
paloalto
CVE-2018-10142 | HIGH | CVSS 7.5 | 2018-11-20
CVE-2018-10142 [HIGH] CWE-200 Information Disclosure in Expedition Migration Tool. An information disclosure vulnerability exists in the Palo Alto Networks Migration Tool (“Expedition”). (Ref # MT-750/CVE-2018-10142) Successful exploitation of this issue may allow an unauthenticated attacker to enumerate files on the operating system. This issue affects Expedition 1.0.106 and earlier. Note that this issue only impacts the Palo Alto Networks Mi
paloalto