Palo Alto Networks Security Advisories / PAN-SA-2019-0004

PAN-SA-2019-0004 Cross-Site Scripting in Expedition Migration Tool


047910
Severity 4.8 · MEDIUM
Attack Vector NETWORK
Scope CHANGED
Attack Complexity LOW
Confidentiality Impact LOW
Privileges Required HIGH
Integrity Impact LOW
User Interaction REQUIRED
Availability Impact NONE
JSON
Published 2019-03-12
Updated
Reference MT-926, MT-927, MT-928 and MT-929 PAN-SA-2019-0004
Discovered externally

Description

Three cross-site scripting (XSS) vulnerabilities exist in the Palo Alto Networks Migration Tool (“Expedition”). (Ref # MT-926/ CVE-2019-1569; MT-927/ CVE-2019-1570; MT-928, MT-929/ CVE-2019-1571)

CVE-2019-1569: Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML in the User Mapping settings.

CVE-2019-1570: Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML in the LDAP server settings.

CVE-2019-1571: Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML in the RADIUS server settings.

This issue affects Expedition 1.1.8 and earlier.

Note that this issue only impacts the Palo Alto Networks Migration Tool (“Expedition”), a tool available from the Palo Alto Networks Live site. This issue does not affect PAN-OS or any other supported product or service. For more information on Expedition, see: https://live.paloaltonetworks.com/t5/Expedition-Migration-Tool/ct-p/migration_tool.

CVECVSSSummary
CVE-2019-15694.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user.
CVE-2019-15704.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings.
CVE-2019-15714.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings.

Product Status

VersionsAffectedUnaffected
Expedition 1.1<= 1.1.8>= 1.1.9

Severity: MEDIUM

CVSSv3.1 Base Score: 4.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)

Weakness Type

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Solution

Expedition 1.1.9 and later

Workarounds and Mitigations

N/A

Acknowledgments

Palo Alto Networks would like to thank Sayali Kulkarni of Tenable for reporting these issues.
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2024 Palo Alto Networks, Inc. All rights reserved.