CVE-2018-10143

Exploit

EPSS 28.14%
Veröffentlicht 12.12.2018 00:29:00
Zuletzt bearbeitet 21.11.2024 03:40:55
Quelle psirt@paloaltonetworks.com
CVE-Watchlists
Login
Unerledigt
Login

The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Paloaltonetworks ≫ Expedition Version1.0.107

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	28.14%	0.963

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://www.securityfocus.com/bid/106174

Third Party Advisory

VDB Entry

https://doddsecurity.com/234/command-injection-on-palo-alto-networks-expedition/

Third Party Advisory

Exploit

https://security.paloaltonetworks.com/CVE-2018-10143

https://nvd.nist.gov/vuln/detail/CVE-2018-10143

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-10143

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-10143

EUVD