Vulnerability Description
Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paloaltonetworks | Expedition Migration Tool | >= 1.1, <= 1.1.51 |
Related Weaknesses (CWE)
References
- https://security.paloaltonetworks.com/CVE-2020-1977Vendor Advisory
- https://www.tenable.com/security/research/tra-2020-11Third Party Advisory
- https://security.paloaltonetworks.com/CVE-2020-1977Vendor Advisory
- https://www.tenable.com/security/research/tra-2020-11Third Party Advisory
FAQ
What is CVE-2020-1977?
CVE-2020-1977 is a vulnerability with a CVSS score of 7.5 (HIGH). Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on ...
How severe is CVE-2020-1977?
CVE-2020-1977 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-1977?
Check the references section above for vendor advisories and patch information. Affected products include: Paloaltonetworks Expedition Migration Tool.