cbcvebase.
CVE-2021-3031
published 2021-01-13

CVE-2021-3031: Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series…

PriorityP419medium4.3CVSS 3.1
AVAACLPRNUINSUCLINAN
EPSS
0.54%
41.2th percentile
Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.

Affected

4 ranges
VendorProductVersion rangeFixed in
paloaltopan-os
paloaltonetworkspan-os>= 8.1.0 < 8.1.188.1.18
paloaltonetworkspan-os>= 9.0.0 < 9.0.129.0.12
paloaltonetworkspan-os>= 9.1.0 < 9.1.59.1.5

CVSS provenance

nvdv3.14.3MEDIUMCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.03.3LOWAV:A/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.