CVE-2021-3032Log File Information Exposure in Palo Alto Networks Pan-os

CWE-532Log File Information Exposure4 documents4 sources
Severity
4.4MEDIUMNVD
EPSS
0.0%
top 90.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Palo Alto Networks Pan-osPaloaltonetworks Pan-osPaloalto Pan-os
Timeline
PublishedJan 13
Latest updateMay 24

Description

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of the configuration including the username and password in an encrypted form and private keys used in any certificate profiles set for log forwarding server profiles. This issue impacts: PAN-OS 8.1 versio

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages3 packages

NVDpaloaltonetworks/pan-os8.1.08.1.18+3
CVEListV5palo_alto_networks/pan-os8.18.1.18+3
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-mpr2-984f-35c4: An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email2022-05-24
CVEList
PAN-OS: Configuration secrets for log forwarding may be logged in system logs2021-01-13

📋Vendor Advisories

1
Palo Alto
PAN-OS: Configuration secrets for log forwarding may be logged in system logs2021-01-13
CVE-2021-3032 — Log File Information Exposure in Palo | cvebase