CVE-2020-1977 HIGH

CVE-2020-1977: Expedition Migration Tool: Insufficient Cross Site Request Forgery protection.

Vendor Palo Alto Networks
Product Expedition
Weakness CWE-352 · CSRF
Published February 12, 2020
Last update September 17, 2024
View on NVD All CVEs

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.

Key dates

02Disclosure timeline

February 12, 2020 CVE published
September 17, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-23820 WordPress Content Security Policy Pro plugin <= 1.3.5 - CSRF to Stored XSS vulnerability CVE-2024-50534 WordPress World Prayer Time plugin <= 2.0 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-49340 IBM Watson Studio Local cross-site request forgery CVE-2025-39544 WordPress WP Tools plugin <= 5.18 - CSRF to Arbitrary File Deletion vulnerability CVE-2025-58860 WordPress Enable Latex Plugin <= 1.2.16 - Cross Site Request Forgery (CSRF) Vulnerability