A remote command injection vulnerability has been identified in Palo Alto Expedition (Migration Tool). Expedition is used to move firewall configurations from another vendor to Palo Alto’s product, which makes the conversion process easier to accomplish. MITRE has assigned CVE-2018-10143 to this vulnerability.
This vulnerability exists in convertCSVtoParquet.php, which accepts user-controlled input in a path parameter. A payload similar to the one shown below can be used to exploit this command injection vulnerability:
1:2:/tmp/log && COMMAND_INJECTION
Let’s replace COMMAND_INJECTION with a command of our choosing.
The next step is to run netcat in listen mode on a random port and wait for the output of the injected command in a POST request.
The vendor has not confirmed the vulnerability. However, customers can upgrade to the latest supported version of Expedition (Migration Tool). Customers are advised to scan their network remotely using QID#13385 to find vulnerable Expedition (Migration Tool) versions.
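A defensive check for the payload shape shown above, as an added example that is not Expedition's code or part of the original advisory: it decodes a form-encoded POST body, extracts the `path` value and flags anything that fails a strict allowlist. The `number:number:/absolute/path` layout is an assumption drawn from the sample payload, and the request bodies are constructed.

```python
import re
from urllib.parse import parse_qs

# Shell control characters that let a value break out of the intended command.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r'\"]")
# Allowlist for the path portion: absolute path built from safe characters only.
SAFE_PATH = re.compile(r"/[A-Za-z0-9._/-]+")


def inspect_path_param(body: str) -> list[dict]:
    """Inspect every `path` value in a form-encoded POST body.

    Returns one finding per value: the decoded value, the shell
    metacharacters it contains, and whether it passes the allowlist.
    """
    findings = []
    for value in parse_qs(body, keep_blank_values=True).get("path", []):
        # Assumed layout (from the page's sample): number:number:/absolute/path
        parts = value.split(":", 2)
        fs_path = parts[2] if len(parts) == 3 else ""
        meta = sorted(set(SHELL_META.findall(value)))
        allowed = (
            len(parts) == 3
            and parts[0].isdigit()
            and parts[1].isdigit()
            and SAFE_PATH.fullmatch(fs_path) is not None
            and ".." not in fs_path.split("/")  # reject directory traversal
        )
        findings.append({"value": value, "meta": meta, "allowed": allowed})
    return findings


def is_suspicious(body: str) -> bool:
    """True if any `path` value in the body fails the allowlist."""
    return any(not f["allowed"] for f in inspect_path_param(body))


# Constructed sample bodies (not captured traffic).
SAMPLES = [
    "path=1%3A2%3A%2Ftmp%2Flog",                           # benign shape
    "path=1%3A2%3A%2Ftmp%2Flog+%26%26+COMMAND_INJECTION",  # page's payload shape
    "path=1:2:/tmp/../etc/x",                              # traversal, no metachars
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(is_suspicious(sample), inspect_path_param(sample))
```

The allowlist is the stronger control: the third sample contains no shell metacharacters and would pass a denylist-only filter, but it is still rejected.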