CVE-2020-1977
Summary
| CVE | CVE-2020-1977 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-02-12 23:15:00 UTC |
| Updated | 2021-12-30 22:06:00 UTC |
| Description | Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions. |
Risk And Classification
Problem Types: CWE-352
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Paloaltonetworks | Expedition Migration Tool | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2020-1977 Expedition Migration Tool: Insufficient Cross Site Request Forgery protection. | CONFIRM | security.paloaltonetworks.com | Vendor Advisory |
| Palo Alto Expedition Migration Tool Insufficient XSRF Protection - Research Advisory \| Tenable® | MISC | www.tenable.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Palo Alto Networks thanks Jimi Sebree of Tenable Research for discovering and responsibly reporting this issue.
There are currently no legacy QID mappings associated with this CVE.