CVE Vulnerability

CVE-2020-1977

Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.

6.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://security.paloaltonetworks.com/CVE-2020-1977 Vendor Advisory
https://www.tenable.com/security/research/tra-2020-11 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:paloaltonetworks:expedition_migration_tool:*:*:*:*:*:*:*:*
Information

Published : 2020-02-12 11:15

Updated : 2021-12-30 10:06

NVD link : CVE-2020-1977

Mitre link : CVE-2020-1977

Products Affected

Expedition Migration Tool

Paloaltonetworks

CWE
CWE-352