CVE-2020-2048Log File Information Exposure in Palo Alto Networks Pan-os

CWE-532Log File Information ExposureCWE-400Uncontrolled Resource ConsumptionCWE-401Missing Release of Memory after Effective LifetimeCWE-326Inadequate Encryption Strength8 documents8 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 82.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Palo Alto Networks Pan-osPaloaltonetworks Pan-osPaloalto Pan-os
Timeline
PublishedNov 12
Latest updateMay 24

Description

An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.2.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages3 packages

NVDpaloaltonetworks/pan-os8.1.08.1.17+2
CVEListV5palo_alto_networks/pan-os8.18.1.17+2
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-8cx5-6hgh-w2wv: An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be2022-05-24
CVEList
PAN-OS: System proxy passwords may be logged in clear text while viewing system state2020-11-12

💥Exploits & PoCs

1
Exploit-DB
HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account2020-02-05

📋Vendor Advisories

2
Palo Alto
PAN-OS: System proxy passwords may be logged in clear text while viewing system state2020-11-11
F5
CVE-2020-5917: In BIG-IP versions 152020-08-26

💬Community

1
Bugzilla
CVE-2020-12397 Mozilla: Sender Email Address Spoofing using encoded Unicode characters2020-05-06
CVE-2020-2048 — Log File Information Exposure in Palo | cvebase