Vulnerabilites related to Palo Alto Networks - Palo Alto Networks Expedition
CVE-2018-10143 (GCVE-0-2018-10143)
Vulnerability from cvelistv5
Published
2018-12-12 00:00
Modified
2024-08-05 07:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Palo Alto Networks Expedition |
Version: Expedition 1.0.107 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:01.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106174",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doddsecurity.com/234/command-injection-on-palo-alto-networks-expedition/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2018-10143"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Expedition",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "affected",
"version": "Expedition 1.0.107 and earlier"
}
]
}
],
"datePublic": "2018-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:46",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"name": "106174",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doddsecurity.com/234/command-injection-on-palo-alto-networks-expedition/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.paloaltonetworks.com/CVE-2018-10143"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2018-10143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Expedition",
"version": {
"version_data": [
{
"version_value": "Expedition 1.0.107 and earlier"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106174"
},
{
"name": "https://doddsecurity.com/234/command-injection-on-palo-alto-networks-expedition/",
"refsource": "MISC",
"url": "https://doddsecurity.com/234/command-injection-on-palo-alto-networks-expedition/"
},
{
"name": "https://security.paloaltonetworks.com/CVE-2018-10143",
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2018-10143"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2018-10143",
"datePublished": "2018-12-12T00:00:00",
"dateReserved": "2018-04-16T00:00:00",
"dateUpdated": "2024-08-05T07:32:01.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10142 (GCVE-0-2018-10142)
Vulnerability from cvelistv5
Published
2018-11-27 21:00
Modified
2024-08-05 07:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Palo Alto Networks Expedition |
Version: Expedition 1.0.106 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:01.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106069",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106069"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2018-10142"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Expedition",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "affected",
"version": "Expedition 1.0.106 and earlier"
}
]
}
],
"datePublic": "2018-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:46",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"name": "106069",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106069"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.paloaltonetworks.com/CVE-2018-10142"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2018-10142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Expedition",
"version": {
"version_data": [
{
"version_value": "Expedition 1.0.106 and earlier"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106069",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106069"
},
{
"name": "https://security.paloaltonetworks.com/CVE-2018-10142",
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2018-10142"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2018-10142",
"datePublished": "2018-11-27T21:00:00",
"dateReserved": "2018-04-16T00:00:00",
"dateUpdated": "2024-08-05T07:32:01.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}