CVE-2021-3031Sensitive Information Exposure in Palo Alto Networks Pan-os

CWE-200Sensitive Information ExposureCWE-212Improper Removal of Sensitive Information Before Storage or Transfer4 documents4 sources
Severity
4.3MEDIUMNVD
CNA5.0
EPSS
0.1%
top 74.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Palo Alto Networks Pan-osPaloaltonetworks Pan-osPaloalto Pan-os
Timeline
PublishedJan 13
Latest updateMay 24

Description

Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detecte

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

NVDpaloaltonetworks/pan-os8.1.08.1.18+2
CVEListV5palo_alto_networks/pan-os8.18.1.18+2
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-v97c-wm3x-xr3x: Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Serie2022-05-24
CVEList
PAN-OS: Information exposure in Ethernet data frame construction (Etherleak)2021-01-13

📋Vendor Advisories

1
Palo Alto
PAN-OS: Information exposure in Ethernet data frame construction (Etherleak)2021-01-13
CVE-2021-3031 — Sensitive Information Exposure in Palo | cvebase