CVE-2020-1977: 
Palo Alto Expedition vulnerability analysis and mitigation

Insufficient Cross-Site Request Forgery (XSRF) protection vulnerability was discovered in Palo Alto Networks' Expedition Migration Tool versions 1.1.51 and earlier. The vulnerability, identified as CVE-2020-1977, was discovered by Jimi Sebree of Tenable Research and disclosed on February 12, 2020. This security flaw allows remote unauthenticated attackers to hijack the authentication of administrators and perform unauthorized actions on the Expedition Migration Tool (Palo Alto Networks, Tenable Research).

The vulnerability received a CVSS v3.1 Base Score of 7.5 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability type is classified as CWE-352 (Cross-Site Request Forgery). Multiple endpoints were found to be vulnerable to CSRF attacks, including /bin/Objects.php, /bin/Snippets.php, /bin/authentication/projects/projects.php, and several others. The vulnerability allows attackers to perform various unauthorized actions when a victim user has an active session and is induced to trigger malicious requests (Palo Alto Networks, Tenable Research).

The vulnerability enables attackers to perform multiple unauthorized actions including creating arbitrary users, deleting existing users, uploading arbitrary files, compromising user credentials, and creating fake sessions on behalf of users. The impact affects confidentiality, integrity, and availability with HIGH severity ratings for all three aspects (Palo Alto Networks, Tenable Research).

The vulnerability has been fixed in Expedition Migration Tool version 1.1.52 and later versions. As a temporary workaround, users should access the tool exclusively from a web browser and log out after each use to prevent the chance of malicious websites making forged requests to Expedition Migration Tool (Palo Alto Networks).