CVE-2020-1977
Published Feb 12, 2020
Last updated 3 years ago
Overview
- Description
- Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.
- Source
- psirt@paloaltonetworks.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paloaltonetworks:expedition_migration_tool:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F3A3127-6B1A-4F32-BAB8-8E177FF0038B",
"versionEndIncluding": "1.1.51",
"versionStartIncluding": "1.1"
}
],
"operator": "OR"
}
]
}
]