===========================================================================
AUSCERT Security Bulletin

ASB-2018.0291.2
Information Disclosure in Expedition Migration Tool
21 November 2018
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Palo Alto Expedition
Operating System:     Virtualisation
Impact/Access:        Access Confidential Data -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-10142
Member content until: Friday, December 21 2018
Reference:            https://securityadvisories.paloaltonetworks.com/Home/Detail/135

Revision History:     November 21 2018: Updated product tag
                      November 21 2018: Initial Release

OVERVIEW

Palo Alto Networks has addressed an information disclosure vulnerability
in the Palo Alto Networks Migration Tool ("Expedition").

The vendor has advised the issue affects the following versions:

- Expedition 1.0.106 and earlier

"This issue does not affect PAN-OS or any other supported product or
service." [1]

IMPACT

The vendor provided the following detail on the vulnerability:

"Successful exploitation of this issue may allow an unauthenticated
attacker to enumerate files on the operating system." [1]

MITIGATION

The following updates are available from the vendor:

- Expedition 1.0.107 and later

REFERENCES

[1] PAN-SA-2018-0016 Information Disclosure in Expedition Migration Tool
    https://securityadvisories.paloaltonetworks.com/Home/Detail/135

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================