Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2018.0306
Security update for Palo Alto Networks Migration Tool
12 December 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Palo Alto Expedition
Operating System: Virtualisation
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2018-10143
Member content until: Friday, January 11 2019
OVERVIEW
Palo Alto Networks has addressed a remote code execution
vulnerability in the Palo Alto Networks Migration Tool ("Expedition").
The vendor has advised the issue affects the following versions:
- Expedition 1.0.107 and earlier
"This issue does not affect PAN-OS or any other supported product
or service." [1]
IMPACT
The vendor provided the following detail on the vulnerability:
"Successful exploitation of this issue may allow an unauthenticated
attacker with remote access to run system level commands on the device
hosting this service/application."
MITIGATION
The vendor advises updating to Expedition 1.0.108 or later to address
this issue. [1]
REFERENCES
[1] PAN-SA-2018-0017
https://securityadvisories.paloaltonetworks.com/Home/Detail/138
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXBBZQGaOgq3Tt24GAQhD7hAAk2UBBOZb2tm89g/r2i2f+nq8lHhjMrEv
a3VJ0afw4xsAFHT0i8PMitLI0Z6DVxAi5hhdByMi5lMWUfCHTIlnK3Ehtq4RXd6o
cWwL1st4YasNLLBtbK+6M6E6oF2xCLBdRC6vthlhpbZVru5XJp6Jzjnscb3RjIcS
oMzdFUaGpPXwKz4RhVdVGUn8IR2bIrybkDAfCZ/knllyklqK+AGG0H/rdz1YlKGN
m9S/Pb/R78UWzP4rXjDlX99kzgQFara4/iVMl2LbrhjDVp4TTaMbC6qNv8kyOSeE
i9Odp+eX8+lZT4iZFhWi8nXambudVb09Ohe6I9F43X11zo/7076SyUVgzy+A/VKf
mbl0cX7drwBK/YbrNeR8LLtjx2+zeyP+fgzEZ1cQFSOFwIkIiJUmjLNot6tIJAwD
i7cnaTwTaR2sy+Yf6GnzAl5a//qNftki6IajktpDUD5uilmUU0/NxZ5A8qgH07uk
e6NJb+qs/cJbWjsBGgbKI4bpvewN8Zwo3BvWYRFPD2hnpOuXs+3/tcM4tjdfyiLg
XahQBMAMee40ODfCoVp4hmxOjUwflbWMz8R+OuAkbJ1FkQDpdeqP5+fyjeJizdtK
+mZ4cHX2ZaN8WCNoCGcccrRTVje/YiGoi9rsZPPtBKFqbH4nS92luekgI0y9ZZEk
6ZPjVbF7bKI=
=UO45
-----END PGP SIGNATURE-----