Expedition@* Security Vulnerabilities and Issues — Expedition@* CVE List

Lucene search

PaloaltonetworksExpedition*

10 matches found

CVE•added 2024/07/10 7:15 p.m.•2436 views

CVE-2024-5910

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials,...

9.8CVSS6.8AI score0.91195EPSS

CVE•added 2024/10/09 5:15 p.m.•1054 views

CVE-2024-9463

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

9.9CVSS8AI score0.94245EPSS

CVE•added 2024/10/09 5:15 p.m.•500 views

CVE-2024-9465

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition ...

9.2CVSS9.8AI score0.94244EPSS

CVE•added 2024/10/09 5:15 p.m.•478 views

CVE-2024-9466

A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.

8.2CVSS7.7AI score0.08687EPSS

CVE•added 2024/10/09 5:15 p.m.•222 views

CVE-2024-9464

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

9.3CVSS8.2AI score0.82597EPSS

CVE•added 2020/02/12 11:15 p.m.•72 views

CVE-2020-1977

Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier vers...

8.8CVSS8.4AI score0.00192EPSS

CVE•added 2024/10/09 5:15 p.m.•58 views

CVE-2024-9467

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft.

7CVSS7.6AI score0.00368EPSS

CVE•added 2019/03/26 11:29 p.m.•45 views

CVE-2019-1571

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings.

4.8CVSS5AI score0.00692EPSS

CVE•added 2019/03/26 10:29 p.m.•41 views

CVE-2019-1570

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings.

4.8CVSS5AI score0.00692EPSS

CVE•added 2019/03/26 10:29 p.m.•37 views

CVE-2019-1569

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user.

4.8CVSS5.1AI score0.00692EPSS