===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0105
    Cross-Site Scripting in Expedition Migration Tool (PAN-SA-2019-0009)
                               16 April 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Palo Alto Expedition
Operating System:     Virtualisation
Impact/Access:        Cross-site Scripting -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-1574
Member content until: Thursday, May 16 2019

OVERVIEW

        Palo Alto Networks has addressed a cross-site scripting (XSS)
        vulnerability in the Expedition Migration Tool for versions 1.1.12
        and earlier. [1]

IMPACT

        The vendor provided the following detail on the vulnerability:

        "A cross-site scripting (XSS) vulnerability exist in the Palo Alto
        Networks Migration Tool ("Expedition"). (Ref # MT-1009/
        CVE-2019-1574)

        Severity: Low"

        Successful exploitation of this issue may allow an authenticated
        attacker to inject arbitrary JavaScript or HTML in the Devices View.

MITIGATION

        The vendor advises updating to Expedition 1.1.13 and later.

REFERENCES

        [1] Cross-Site Scripting in Expedition Migration Tool
            (PAN-SA-2019-0009)
            https://securityadvisories.paloaltonetworks.com/Home/Detail/147

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================