Lucene search

[email protected]CVE-2021-3032

HistoryJan 13, 2021 - 6:15 p.m.

CVE-2021-3032

2021-01-1318:15:14

CWE-532

[email protected]

web.nvd.nist.gov

cve-2021-3032

information exposure

log file vulnerability

pan-os

palo alto networks

nvd

configuration secrets

log forwarding server profiles

system log

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of the configuration including the username and password in an encrypted form and private keys used in any certificate profiles set for log forwarding server profiles. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.

Affected configurations

NVD

Node

paloaltonetworkspan-osRange8.1.0–8.1.18

paloaltonetworkspan-osRange9.0.0–9.0.12

paloaltonetworkspan-osRange9.1.0–9.1.4

paloaltonetworkspan-osRange10.0.0–10.0.1

CPENameOperatorVersion
paloaltonetworks:pan-ospaloaltonetworks pan-oslt8.1.18
paloaltonetworks:pan-ospaloaltonetworks pan-oslt9.0.12
paloaltonetworks:pan-ospaloaltonetworks pan-oslt9.1.4
paloaltonetworks:pan-ospaloaltonetworks pan-oslt10.0.1

CPE	Name	Operator	Version
paloaltonetworks:pan-os	paloaltonetworks pan-os	lt	8.1.18
paloaltonetworks:pan-os	paloaltonetworks pan-os	lt	9.0.12
paloaltonetworks:pan-os	paloaltonetworks pan-os	lt	9.1.4
paloaltonetworks:pan-os	paloaltonetworks pan-os	lt	10.0.1

CNA Affected

[
  {
    "product": "PAN-OS",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "8.1.18",
            "status": "unaffected"
          }
        ],
        "lessThan": "8.1.18",
        "status": "affected",
        "version": "8.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "9.0.12",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.0.12",
        "status": "affected",
        "version": "9.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "9.1.4",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.1.4",
        "status": "affected",
        "version": "9.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "10.0.1",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.0.1",
        "status": "affected",
        "version": "10.0",
        "versionType": "custom"
      }
    ]
  }
]

References

security.paloaltonetworks.com/CVE-2021-3032

Social References

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for CVE-2021-3032

prion1 paloalto1 nessus1 nvd1 cvelist1