CVE-2020-2048
Published 2020-11-12
Priority: P4 · 12 · low
CVSS 3.1: 3.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
EPSS: 0.34% (25.9th percentile)
An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.2.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-ip_aam | — | — |
| f5 | big-ip_afm | — | — |
| f5 | big-ip_analytics | — | — |
| f5 | big-ip_apm | — | — |
| f5 | big-ip_asm | — | — |
| f5 | big-ip_dns | — | — |
| f5 | big-ip_fps | — | — |
| f5 | big-ip_gtm | — | — |
| f5 | big-ip_link_controller | — | — |
| f5 | big-ip_ltm | — | — |
| f5 | big-ip_pem | — | — |
| f5 | big-iq | — | — |
| juniper | junos_os | — | — |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.17 | 8.1.17 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.11 | 9.0.11 |
| palo_alto_networks | pan-os | >= 9.1 < 9.1.2 | 9.1.2 |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.17 | 8.1.17 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.0.11 | 9.0.11 |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.2 | 9.1.2 |
CVSS provenance
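| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |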
GHSA
GHSA-8cx5-6hgh-w2wv: An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be
ghsa_unreviewed·2022-05-24
CVE-2020-2048 [LOW] CWE-532 GHSA-8cx5-6hgh-w2wv: An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be
Palo Alto
PAN-OS: System proxy passwords may be logged in clear text while viewing system state
vendor_paloalto·2020-11-11·CVSS 3.3
CVE-2020-2048 [LOW] CWE-532 PAN-OS: System proxy passwords may be logged in clear text while viewing system state
An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software.
Affected products: PAN-OS
Solution: This issue is fixed in PAN-OS 8.1.17, PAN-OS 9.0.11, PAN-OS 9.1.2, and all later PAN-OS versions.
Workaround: This issue impacts the management web interface. You can mitigate the impact of this issue by following best practices for securing the interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices.
F5
CVE-2020-5917: In BIG-IP versions 15
vendor_f5·2020-08-26·CVSS 5.9
CVE-2020-5917 [MEDIUM] CWE-326 CVE-2020-5917: In BIG-IP versions 15
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure.
Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP FPS, BIG-IP GTM, BIG-IP LTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IQ
Affected Versions: 11.6.1 - 11.6.5; 12.1.0 - 12.1.5.2; 13.1.0 - 13.1.3; 14.1.0 - 14.1.2.4; 15.0.0 - 15.0.1.4; 15.1.0 - 15.1.0.5; 5.2.0 - 5.4.0; 6.0.0 - 6.1.0; 7.0.0
F5 Advisory Articles: K43404629
F5 References: https://support.f5.com/csp/article/K43404629
No detection rules found.