cvelistv5 - CVE-2020-1977

CVE-2020-1977 (GCVE-0-2020-1977)

Vulnerability from cvelistv5 – Published: 2020-02-12 22:57 – Updated: 2024-09-17 01:01

Summary

Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)

Assigner

palo_alto

References

URL

Tags

	https://security.paloaltonetworks.com/CVE-2020-1977	x_refsource_MISC
	https://www.tenable.com/security/research/tra-2020-11	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Palo Alto Networks	Expedition	Affected: 1.1 , ≤ 1.1.51 (custom)

Credits

Palo Alto Networks thanks Jimi Sebree of Tenable Research for discovering and responsibly reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:54:00.351Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2020-1977"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2020-11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Expedition",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.1.52",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.1.51",
              "status": "affected",
              "version": "1.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks Jimi Sebree of Tenable Research for discovering and responsibly reporting this issue."
        }
      ],
      "datePublic": "2020-02-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-19T18:06:04",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2020-1977"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2020-11"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Expedition Migration Tool 1.1.52 and later versions."
        }
      ],
      "source": {
        "defect": [
          "MT-1593"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Expedition Migration Tool: Insufficient Cross Site Request Forgery protection.",
      "workarounds": [
        {
          "lang": "en",
          "value": "To prevent the chance of malicious websites making forged requests to Expedition Migration Tool, you should access the tool exclusively from a web browser and log out after each use."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2020-02-12T17:00:00.000Z",
          "ID": "CVE-2020-1977",
          "STATE": "PUBLIC",
          "TITLE": "Expedition Migration Tool: Insufficient Cross Site Request Forgery protection."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Expedition",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.1",
                            "version_value": "1.1.51"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "1.1",
                            "version_value": "1.1.52"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Jimi Sebree of Tenable Research for discovering and responsibly reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2020-1977",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2020-1977"
            },
            {
              "name": "https://www.tenable.com/security/research/tra-2020-11",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/research/tra-2020-11"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Expedition Migration Tool 1.1.52 and later versions."
          }
        ],
        "source": {
          "defect": [
            "MT-1593"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "To prevent the chance of malicious websites making forged requests to Expedition Migration Tool, you should access the tool exclusively from a web browser and log out after each use."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2020-1977",
    "datePublished": "2020-02-12T22:57:08.179851Z",
    "dateReserved": "2019-12-04T00:00:00",
    "dateUpdated": "2024-09-17T01:01:37.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paloaltonetworks:expedition_migration_tool:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.1\", \"versionEndIncluding\": \"1.1.51\", \"matchCriteriaId\": \"7F3A3127-6B1A-4F32-BAB8-8E177FF0038B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.\"}, {\"lang\": \"es\", \"value\": \"Una protecci\\u00f3n de Cross-Site Request Forgery (XSRF) insuficiente en Expedition Migration Tool, permite a atacantes remotos no autenticados secuestrar la autenticaci\\u00f3n de los administradores y ejecutar acciones en Expedition Migration Tool. Este problema afecta a Expedition Migration Tool versi\\u00f3n 1.1.51 y anteriores.\"}]",
      "id": "CVE-2020-1977",
      "lastModified": "2024-11-21T05:11:46.283",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@paloaltonetworks.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2020-02-12T23:15:11.593",
      "references": "[{\"url\": \"https://security.paloaltonetworks.com/CVE-2020-1977\", \"source\": \"psirt@paloaltonetworks.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.tenable.com/security/research/tra-2020-11\", \"source\": \"psirt@paloaltonetworks.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.paloaltonetworks.com/CVE-2020-1977\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.tenable.com/security/research/tra-2020-11\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "psirt@paloaltonetworks.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@paloaltonetworks.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-1977\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2020-02-12T23:15:11.593\",\"lastModified\":\"2024-11-21T05:11:46.283\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.\"},{\"lang\":\"es\",\"value\":\"Una protecci\u00f3n de Cross-Site Request Forgery (XSRF) insuficiente en Expedition Migration Tool, permite a atacantes remotos no autenticados secuestrar la autenticaci\u00f3n de los administradores y ejecutar acciones en Expedition Migration Tool. Este problema afecta a Expedition Migration Tool versi\u00f3n 1.1.51 y anteriores.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paloaltonetworks:expedition_migration_tool:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.1\",\"versionEndIncluding\":\"1.1.51\",\"matchCriteriaId\":\"7F3A3127-6B1A-4F32-BAB8-8E177FF0038B\"}]}]}],\"references\":[{\"url\":\"https://security.paloaltonetworks.com/CVE-2020-1977\",\"source\":\"psirt@paloaltonetworks.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tenable.com/security/research/tra-2020-11\",\"source\":\"psirt@paloaltonetworks.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.paloaltonetworks.com/CVE-2020-1977\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tenable.com/security/research/tra-2020-11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-089

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Palo Alto . Elles permettent à un attaquant de provoquer un déni de service, une élévation de privilèges et une injection de requêtes illégitimes par rebond (CSRF).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Palo Alto Networks	N/A	GlobalProtect 5.0.x versions antérieures à 5.0.6
Palo Alto Networks	PAN-OS	PAN-OS 8.x versions antérieures à 8.1.12
Palo Alto Networks	PAN-OS	PAN-OS 9.x versions antérieures à 9.0.6
Palo Alto Networks	Expedition	Expedition Migration Tool versions antérieures à 1.1.52

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto 1 du 12 février 2020	None	vendor-advisory
Bulletin de sécurité Palo Alto 2 du 12 février 2020	None	vendor-advisory
Bulletin de sécurité Palo Alto 3 du 12 février 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "GlobalProtect 5.0.x versions ant\u00e9rieures \u00e0 5.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS 8.x versions ant\u00e9rieures \u00e0 8.1.12",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS 9.x versions ant\u00e9rieures \u00e0 9.0.6",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Expedition Migration Tool versions ant\u00e9rieures \u00e0 1.1.52",
      "product": {
        "name": "Expedition",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1975"
    },
    {
      "name": "CVE-2020-1976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1976"
    },
    {
      "name": "CVE-2020-1977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1977"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-089",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Palo Alto . Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une \u00e9l\u00e9vation\nde privil\u00e8ges et une injection de requ\u00eates ill\u00e9gitimes par rebond\n(CSRF).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto 1 du 12 f\u00e9vrier 2020",
      "url": "https://security.paloaltonetworks.com/CVE-2020-1975"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto 2 du 12 f\u00e9vrier 2020",
      "url": "https://security.paloaltonetworks.com/CVE-2020-1976"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto 3 du 12 f\u00e9vrier 2020",
      "url": "https://security.paloaltonetworks.com/CVE-2020-1977"
    }
  ]
}

CERTFR-2020-AVI-089

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Palo Alto Networks	N/A	GlobalProtect 5.0.x versions antérieures à 5.0.6
Palo Alto Networks	PAN-OS	PAN-OS 8.x versions antérieures à 8.1.12
Palo Alto Networks	PAN-OS	PAN-OS 9.x versions antérieures à 9.0.6
Palo Alto Networks	Expedition	Expedition Migration Tool versions antérieures à 1.1.52

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto 1 du 12 février 2020	None	vendor-advisory
Bulletin de sécurité Palo Alto 2 du 12 février 2020	None	vendor-advisory
Bulletin de sécurité Palo Alto 3 du 12 février 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "GlobalProtect 5.0.x versions ant\u00e9rieures \u00e0 5.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS 8.x versions ant\u00e9rieures \u00e0 8.1.12",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS 9.x versions ant\u00e9rieures \u00e0 9.0.6",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Expedition Migration Tool versions ant\u00e9rieures \u00e0 1.1.52",
      "product": {
        "name": "Expedition",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1975"
    },
    {
      "name": "CVE-2020-1976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1976"
    },
    {
      "name": "CVE-2020-1977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1977"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-089",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Palo Alto . Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une \u00e9l\u00e9vation\nde privil\u00e8ges et une injection de requ\u00eates ill\u00e9gitimes par rebond\n(CSRF).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto 1 du 12 f\u00e9vrier 2020",
      "url": "https://security.paloaltonetworks.com/CVE-2020-1975"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto 2 du 12 f\u00e9vrier 2020",
      "url": "https://security.paloaltonetworks.com/CVE-2020-1976"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto 3 du 12 f\u00e9vrier 2020",
      "url": "https://security.paloaltonetworks.com/CVE-2020-1977"
    }
  ]
}

FKIE_CVE-2020-1977

Vulnerability from fkie_nvd - Published: 2020-02-12 23:15 - Updated: 2024-11-21 05:11

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@paloaltonetworks.com	https://security.paloaltonetworks.com/CVE-2020-1977	Vendor Advisory
psirt@paloaltonetworks.com	https://www.tenable.com/security/research/tra-2020-11	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.paloaltonetworks.com/CVE-2020-1977	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/research/tra-2020-11	Third Party Advisory

Impacted products

	Vendor	Product	Version
	paloaltonetworks	expedition_migration_tool	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:expedition_migration_tool:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F3A3127-6B1A-4F32-BAB8-8E177FF0038B",
              "versionEndIncluding": "1.1.51",
              "versionStartIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions."
    },
    {
      "lang": "es",
      "value": "Una protecci\u00f3n de Cross-Site Request Forgery (XSRF) insuficiente en Expedition Migration Tool, permite a atacantes remotos no autenticados secuestrar la autenticaci\u00f3n de los administradores y ejecutar acciones en Expedition Migration Tool. Este problema afecta a Expedition Migration Tool versi\u00f3n 1.1.51 y anteriores."
    }
  ],
  "id": "CVE-2020-1977",
  "lastModified": "2024-11-21T05:11:46.283",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "psirt@paloaltonetworks.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-12T23:15:11.593",
  "references": [
    {
      "source": "psirt@paloaltonetworks.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2020-1977"
    },
    {
      "source": "psirt@paloaltonetworks.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2020-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2020-1977"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2020-11"
    }
  ],
  "sourceIdentifier": "psirt@paloaltonetworks.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "psirt@paloaltonetworks.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-MVX2-HXJC-7FJW

Vulnerability from github – Published: 2022-05-24 17:08 – Updated: 2022-05-24 17:08

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-1977"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-12T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.",
  "id": "GHSA-mvx2-hxjc-7fjw",
  "modified": "2022-05-24T17:08:55Z",
  "published": "2022-05-24T17:08:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1977"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2020-1977"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/tra-2020-11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-1977

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-1977

Aliases

CVE-2020-1977

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-1977",
    "description": "Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.",
    "id": "GSD-2020-1977"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-1977"
      ],
      "details": "Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.",
      "id": "GSD-2020-1977",
      "modified": "2023-12-13T01:21:58.286388Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@paloaltonetworks.com",
        "DATE_PUBLIC": "2020-02-12T17:00:00.000Z",
        "ID": "CVE-2020-1977",
        "STATE": "PUBLIC",
        "TITLE": "Expedition Migration Tool: Insufficient Cross Site Request Forgery protection."
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Expedition",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "1.1",
                          "version_value": "1.1.51"
                        },
                        {
                          "version_affected": "!\u003e=",
                          "version_name": "1.1",
                          "version_value": "1.1.52"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Palo Alto Networks"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Palo Alto Networks thanks Jimi Sebree of Tenable Research for discovering and responsibly reporting this issue."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://security.paloaltonetworks.com/CVE-2020-1977",
            "refsource": "MISC",
            "url": "https://security.paloaltonetworks.com/CVE-2020-1977"
          },
          {
            "name": "https://www.tenable.com/security/research/tra-2020-11",
            "refsource": "MISC",
            "url": "https://www.tenable.com/security/research/tra-2020-11"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "This issue is fixed in Expedition Migration Tool 1.1.52 and later versions."
        }
      ],
      "source": {
        "defect": [
          "MT-1593"
        ],
        "discovery": "EXTERNAL"
      },
      "work_around": [
        {
          "lang": "eng",
          "value": "To prevent the chance of malicious websites making forged requests to Expedition Migration Tool, you should access the tool exclusively from a web browser and log out after each use."
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:paloaltonetworks:expedition_migration_tool:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.1.51",
                "versionStartIncluding": "1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "ID": "CVE-2020-1977"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "N/A",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2020-1977"
            },
            {
              "name": "https://www.tenable.com/security/research/tra-2020-11",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.tenable.com/security/research/tra-2020-11"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-12-30T22:06Z",
      "publishedDate": "2020-02-12T23:15Z"
    }
  }
}

CNVD-2020-12737

Vulnerability from cnvd - Published: 2020-02-23

Title

Palo Alto Networks Expedition Migration Tool跨站请求伪造漏洞

Description

Palo Alto Networks Expedition Migration Tool是美国Palo Alto Networks公司的一款安全策略（配置）迁移工具。 Palo Alto Networks Expedition Migration Tool存在跨站请求伪造漏洞。该漏洞源于WEB应用未充分验证请求是否来自可信用户。攻击者可利用该漏洞通过受影响客户端向服务器发送非预期的请求。

Severity

中

Patch Name

Palo Alto Networks Expedition Migration Tool跨站请求伪造漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://security.paloaltonetworks.com/CVE-2020-1977

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-1977

Impacted products

Name
Palo Alto Networks Expedition Migration Tool <=1.1.51

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-1977"
    }
  },
  "description": "Palo Alto Networks Expedition Migration Tool\u662f\u7f8e\u56fdPalo Alto Networks\u516c\u53f8\u7684\u4e00\u6b3e\u5b89\u5168\u7b56\u7565\uff08\u914d\u7f6e\uff09\u8fc1\u79fb\u5de5\u5177\u3002\n\nPalo Alto Networks Expedition Migration Tool\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u672a\u5145\u5206\u9a8c\u8bc1\u8bf7\u6c42\u662f\u5426\u6765\u81ea\u53ef\u4fe1\u7528\u6237\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u53d7\u5f71\u54cd\u5ba2\u6237\u7aef\u5411\u670d\u52a1\u5668\u53d1\u9001\u975e\u9884\u671f\u7684\u8bf7\u6c42\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://security.paloaltonetworks.com/CVE-2020-1977",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-12737",
  "openTime": "2020-02-23",
  "patchDescription": "Palo Alto Networks Expedition Migration Tool\u662f\u7f8e\u56fdPalo Alto Networks\u516c\u53f8\u7684\u4e00\u6b3e\u5b89\u5168\u7b56\u7565\uff08\u914d\u7f6e\uff09\u8fc1\u79fb\u5de5\u5177\u3002\r\n\r\nPalo Alto Networks Expedition Migration Tool\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u672a\u5145\u5206\u9a8c\u8bc1\u8bf7\u6c42\u662f\u5426\u6765\u81ea\u53ef\u4fe1\u7528\u6237\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u53d7\u5f71\u54cd\u5ba2\u6237\u7aef\u5411\u670d\u52a1\u5668\u53d1\u9001\u975e\u9884\u671f\u7684\u8bf7\u6c42\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Palo Alto Networks Expedition Migration Tool\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Palo Alto Networks Expedition Migration Tool \u003c=1.1.51"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-1977",
  "serverity": "\u4e2d",
  "submitTime": "2020-02-13",
  "title": "Palo Alto Networks Expedition Migration Tool\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-1977 (GCVE-0-2020-1977)

CERTFR-2020-AVI-089

Solution

CERTFR-2020-AVI-089

Solution

FKIE_CVE-2020-1977

GHSA-MVX2-HXJC-7FJW

GSD-2020-1977

CNVD-2020-12737

Tags

Sightings

Nomenclature