PaloAlto Network Expedition Migration Tool CVE-2018-10142 Unspecified Information Disclosure

Bugtraq ID:	106069
Class:	Design Error
CVE:	CVE-2018-10142
Remote:	Yes
Local:	No
Published:	Nov 28 2018 12:00AM
Updated:	Nov 28 2018 12:00AM
Credit:	Quentin (Paragonsec) Rhoads-Herrera
Vulnerable:	Paloaltonetworks Expedition (Migration Tool) 1.0.106
Not Vulnerable:	Paloaltonetworks Expedition (Migration Tool) 1.0.107

PaloAlto Network Expedition Migration Tool CVE-2018-10142 Unspecified Information Disclosure

PaloAlto Network Expedition Migration Tool prone to an unspecified information-disclosure vulnerability; fixes are available.

Attackers can exploit this issue to gain access to potentially sensitive information that may aid in further attacks.

PaloAlto Network Expedition Migration Tool 1.0.106 and prior versions are vulnerable.

PaloAlto Network Expedition Migration Tool CVE-2018-10142 Unspecified Information Disclosure

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]

PaloAlto Network Expedition Migration Tool CVE-2018-10142 Unspecified Information Disclosure

Solution:
Updates are available. Please see the references or vendor advisory for more information.

PaloAlto Network Expedition Migration Tool CVE-2018-10142 Unspecified Information Disclosure

References:

• Palo Alto Expedition Home Page (Palo Alto)
  
• Palo Alto Home Page (Palo Alto Home Page)
  
• Palo Alto Security Advisory (Palo Alto Security Advisory)