===========================================================================
AUSCERT Security Bulletin

ASB-2018.0306
Security update for Palo Alto Networks Migration Tool
12 December 2018
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Palo Alto Expedition
Operating System:     Virtualisation
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-10143
Member content until: Friday, January 11 2019

OVERVIEW

Palo Alto Networks has addressed a remote code execution vulnerability
in the Palo Alto Networks Migration Tool ("Expedition").

The vendor has advised the issue affects the following versions:

- Expedition 1.0.107 and earlier

"This issue does not affect PAN-OS or any other supported product or
service." [1]

IMPACT

The vendor provided the following detail on the vulnerability:

"Successful exploitation of this issue may allow an unauthenticated
attacker with remote access to run system level commands on the device
hosting this service/application."

MITIGATION

The vendor advises updating to Expedition 1.0.108 or later to address
this issue. [1]

REFERENCES

[1] PAN-SA-2018-0017
    https://securityadvisories.paloaltonetworks.com/Home/Detail/138

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================