CVE-2020-2044Log File Information Exposure in Palo Alto Networks Pan-os

CWE-532Log File Information Exposure4 documents4 sources
Severity
3.3LOWNVD
EPSS
0.2%
top 54.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Palo Alto Networks Pan-osPaloaltonetworks Pan-osPaloalto Pan-os
Timeline
PublishedSep 9
Latest updateMay 24

Description

An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command (op-command) usage but did not mask all sensitive information. The opcmdhistory.log file is removed in PAN-OS 9.1 and later PAN-OS versions. Command usage is recorded, instead, in the req_stats.log file in PAN-OS 9.1 and lat

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages3 packages

NVDpaloaltonetworks/pan-os8.1.08.1.16+3
CVEListV5palo_alto_networks/pan-os8.18.1.16+3
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-r365-86rw-9xxw: An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext whi2022-05-24
CVEList
PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history2020-09-09

📋Vendor Advisories

1
Palo Alto
PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history2020-09-09
CVE-2020-2044 — Log File Information Exposure in Palo | cvebase