Expedition Security Vulnerabilities and Issues — Expedition CVE List

Lucene search

PaloaltonetworksExpedition

12 matches found

CVE•added 2024/07/10 7:15 p.m.•2435 views

CVE-2024-5910

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials,...

9.8CVSS6.8AI score0.91195EPSS

CVE•added 2024/10/09 5:15 p.m.•1053 views

CVE-2024-9463

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

9.9CVSS8AI score0.94245EPSS

CVE•added 2024/10/09 5:15 p.m.•499 views

CVE-2024-9465

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition ...

9.2CVSS9.8AI score0.94244EPSS

CVE•added 2024/10/09 5:15 p.m.•477 views

CVE-2024-9466

A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.

8.2CVSS7.7AI score0.08687EPSS

CVE•added 2024/10/09 5:15 p.m.•221 views

CVE-2024-9464

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

9.3CVSS8.2AI score0.82597EPSS

CVE•added 2020/02/12 11:15 p.m.•72 views

CVE-2020-1977

Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier vers...

8.8CVSS8.4AI score0.00192EPSS

CVE•added 2024/10/09 5:15 p.m.•58 views

CVE-2024-9467

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.

7CVSS7.6AI score0.00368EPSS

CVE•added 2018/12/12 12:29 a.m.•48 views

CVE-2018-10143

The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application.

10CVSS9.5AI score0.26747EPSS

CVE•added 2019/03/26 11:29 p.m.•45 views

CVE-2019-1571

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings.

4.8CVSS5AI score0.00692EPSS

CVE•added 2019/03/26 10:29 p.m.•41 views

CVE-2019-1570

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings.

4.8CVSS5AI score0.00692EPSS

CVE•added 2018/11/27 9:0 p.m.•39 views

CVE-2018-10142

The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system.

7.5CVSS7.5AI score0.0075EPSS

CVE•added 2019/03/26 10:29 p.m.•37 views

CVE-2019-1569

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user.

4.8CVSS5.1AI score0.00692EPSS