Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
Severity
6.5 MEDIUM NVD
NVD 5.0 NVD 4.3
EPSS
3.4%
top 12.51%
CISA KEV
Not in KEV
Exploit
PoC available
Timeline
Published: Jan 17
Latest update: Jul 21

Description

Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (9 packages)

NVD paloaltonetworks/pan-os 8.1.0 8.1.18 +2
CVEListV5 juniper_networks/junos_os unspecified 18.4R3-S11 +16
NVD linux/linux_kernel 20 versions +19
NVD juniper/junos < 18.4 +18
Palo Alto paloalto/pan-os

Also affects: Netbsd 1.5, 1.5.1, 1.5.2, 1.5.3, 1.6, Freebsd 4.2, 4.3, 4.4, 4.5, 4.6, 4.7

🔴 Vulnerability Details

5
GHSA
GHSA-8r8m-8qj7-8fm2: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series al (2022-07-21)
GHSA
GHSA-v97c-wm3x-xr3x: Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Serie (2022-05-24)
GHSA
GHSA-hx48-9j3f-rqqx: Juniper Junos 10 (2022-05-17)
GHSA
GHSA-xgmx-gwqj-mmc5: Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from pr (2022-05-13)
GHSA
GHSA-945x-53jf-h5qf: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information f (2022-04-29)

💥 Exploits & PoCs

5
Exploit-DB
Cisco ASA < 8.4.4.6 < 8.2.5.32 - Ethernet Information Leak (2013-06-10)
Exploit-DB
Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure (2007-03-23)
Exploit-DB
Ethernet Device Drivers Frame Padding - 'Etherleak' Information Leakage (2007-03-23)
Exploit-DB
Mercury/32 Mail Server 4.01a - 'check' Buffer Overflow (2004-12-01)
Exploit-DB
NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow (PoC) (2003-09-08)

📋 Vendor Advisories

5
Juniper
CVE-2022-22216: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series al (2022-07-20)
Palo Alto
PAN-OS: Information exposure in Ethernet data frame construction (Etherleak) (2021-01-13)
Juniper
CVE-2018-0014: Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from pr (2018-01-10)
Juniper
CVE-2013-4690: Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on the SRX (2013-07-11)
Red Hat
cisco: information leak in ethernet frames. (2003-01-06)

📐 Framework References

1
CWE
Sensitive Information in Resource Not Removed Before Reuse

💬 Community

1
Bugzilla
CVE-2003-0001: cisco: information leak in ethernet frames. (2018-08-16)
CVE-2003-0001 — Sensitive Information Exposure | cvebase