cve-2021-3032
Vulnerability from cvelistv5
Published
2021-01-13 00:00
Modified
2024-08-03 16:45
Severity
Summary
PAN-OS: Configuration secrets for log forwarding may be logged in system logs
References
| Source | URL | Tags |
|---|---|---|
| psirt@paloaltonetworks.com | https://security.paloaltonetworks.com/CVE-2021-3032 | Vendor Advisory |
Impacted products
| Vendor | Product |
|---|---|
| Palo Alto Networks | PAN-OS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:50.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3032"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "8.1.18",
"status": "unaffected"
}
],
"lessThan": "8.1.18",
"status": "affected",
"version": "8.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "9.0.12",
"status": "unaffected"
}
],
"lessThan": "9.0.12",
"status": "affected",
"version": "9.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "9.1.4",
"status": "unaffected"
}
],
"lessThan": "9.1.4",
"status": "affected",
"version": "9.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.0.1",
"status": "unaffected"
}
],
"lessThan": "10.0.1",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue is only applicable to PAN-OS devices configured to use log forwarding. You can verify this in the management web interface: Device -\u003e Log Settings."
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found by My Tran, Mai Phan, and Claire Zhou of Palo Alto Networks during internal security testing."
}
],
"datePublic": "2021-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the \u201chttp\u201d, \u201cemail\u201d, and \u201csnmptrap\u201d v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of the configuration including the username and password in an encrypted form and private keys used in any certificate profiles set for log forwarding server profiles. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T18:10:13",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3032"
}
],
"solutions": [
{
"lang": "en",
"value": "If the PAN-OS firewall is impacted, then you must clear the configuration file (/var/log/pan/logrcvr.log). This can be accomplished by running the following CLI command:\n \"delete debug-log mp-log file logrcvr.log\".\n\nThis issue is fixed in PAN-OS 8.1.18, PAN-OS 9.0.12, PAN-OS 9.1.4, PAN-OS 10.0.1, and all later PAN-OS versions."
}
],
"source": {
"defect": [
"PAN-149377"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-01-13T00:00:00",
"value": "Initial publication"
}
],
"title": "PAN-OS: Configuration secrets for log forwarding may be logged in system logs",
"workarounds": [
{
"lang": "en",
"value": "This issue requires access to PAN-OS log files generated in the system. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2021-01-13T17:00:00.000Z",
"ID": "CVE-2021-3032",
"STATE": "PUBLIC",
"TITLE": "PAN-OS: Configuration secrets for log forwarding may be logged in system logs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PAN-OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.1",
"version_value": "8.1.18"
},
{
"version_affected": "\u003c",
"version_name": "9.0",
"version_value": "9.0.12"
},
{
"version_affected": "\u003c",
"version_name": "9.1",
"version_value": "9.1.4"
},
{
"version_affected": "\u003c",
"version_name": "10.0",
"version_value": "10.0.1"
},
{
"version_affected": "!\u003e=",
"version_name": "8.1",
"version_value": "8.1.18"
},
{
"version_affected": "!\u003e=",
"version_name": "9.0",
"version_value": "9.0.12"
},
{
"version_affected": "!\u003e=",
"version_name": "9.1",
"version_value": "9.1.4"
},
{
"version_affected": "!\u003e=",
"version_name": "10.0",
"version_value": "10.0.1"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue is only applicable to PAN-OS devices configured to use log forwarding. You can verify this in the management web interface: Device -\u003e Log Settings."
}
],
"credit": [
{
"lang": "eng",
"value": "This issue was found by My Tran, Mai Phan, and Claire Zhou of Palo Alto Networks during internal security testing."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the \u201chttp\u201d, \u201cemail\u201d, and \u201csnmptrap\u201d v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of the configuration including the username and password in an encrypted form and private keys used in any certificate profiles set for log forwarding server profiles. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2021-3032",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3032"
}
]
},
"solution": [
{
"lang": "en",
"value": "If the PAN-OS firewall is impacted, then you must clear the configuration file (/var/log/pan/logrcvr.log). This can be accomplished by running the following CLI command:\n \"delete debug-log mp-log file logrcvr.log\".\n\nThis issue is fixed in PAN-OS 8.1.18, PAN-OS 9.0.12, PAN-OS 9.1.4, PAN-OS 10.0.1, and all later PAN-OS versions."
}
],
"source": {
"defect": [
"PAN-149377"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-01-13T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "This issue requires access to PAN-OS log files generated in the system. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices."
}
],
"x_advisoryEoL": false,
"x_affectedList": [
"PAN-OS 10.0.0",
"PAN-OS 10.0",
"PAN-OS 9.1.3-h1",
"PAN-OS 9.1.3",
"PAN-OS 9.1.2-h1",
"PAN-OS 9.1.2",
"PAN-OS 9.1.1",
"PAN-OS 9.1.0-h3",
"PAN-OS 9.1.0-h2",
"PAN-OS 9.1.0-h1",
"PAN-OS 9.1.0",
"PAN-OS 9.1",
"PAN-OS 9.0.11",
"PAN-OS 9.0.10",
"PAN-OS 9.0.9-h1",
"PAN-OS 9.0.9",
"PAN-OS 9.0.8",
"PAN-OS 9.0.7",
"PAN-OS 9.0.6",
"PAN-OS 9.0.5",
"PAN-OS 9.0.4",
"PAN-OS 9.0.3-h3",
"PAN-OS 9.0.3-h2",
"PAN-OS 9.0.3-h1",
"PAN-OS 9.0.3",
"PAN-OS 9.0.2-h4",
"PAN-OS 9.0.2-h3",
"PAN-OS 9.0.2-h2",
"PAN-OS 9.0.2-h1",
"PAN-OS 9.0.2",
"PAN-OS 9.0.1",
"PAN-OS 9.0.0",
"PAN-OS 9.0",
"PAN-OS 8.1.17",
"PAN-OS 8.1.16",
"PAN-OS 8.1.15-h3",
"PAN-OS 8.1.15-h2",
"PAN-OS 8.1.15-h1",
"PAN-OS 8.1.15",
"PAN-OS 8.1.14-h2",
"PAN-OS 8.1.14-h1",
"PAN-OS 8.1.14",
"PAN-OS 8.1.13",
"PAN-OS 8.1.12",
"PAN-OS 8.1.11",
"PAN-OS 8.1.10",
"PAN-OS 8.1.9-h4",
"PAN-OS 8.1.9-h3",
"PAN-OS 8.1.9-h2",
"PAN-OS 8.1.9-h1",
"PAN-OS 8.1.9",
"PAN-OS 8.1.8-h5",
"PAN-OS 8.1.8-h4",
"PAN-OS 8.1.8-h3",
"PAN-OS 8.1.8-h2",
"PAN-OS 8.1.8-h1",
"PAN-OS 8.1.8",
"PAN-OS 8.1.7",
"PAN-OS 8.1.6-h2",
"PAN-OS 8.1.6-h1",
"PAN-OS 8.1.6",
"PAN-OS 8.1.5",
"PAN-OS 8.1.4",
"PAN-OS 8.1.3",
"PAN-OS 8.1.2",
"PAN-OS 8.1.1",
"PAN-OS 8.1.0",
"PAN-OS 8.1"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2021-3032",
"datePublished": "2021-01-13T00:00:00",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T16:45:50.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-3032\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2021-01-13T18:15:14.883\",\"lastModified\":\"2021-01-19T23:05:46.963\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the \u201chttp\u201d, \u201cemail\u201d, and \u201csnmptrap\u201d v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of the configuration including the username and password in an encrypted form and private keys used in any certificate profiles set for log forwarding server profiles. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.\"},{\"lang\":\"es\",\"value\":\"Se presenta una exposici\u00f3n de informaci\u00f3n mediante una vulnerabilidad del archivo de registro en el software PAN-OS de Palo Alto Networks, donde los secretos de configuraci\u00f3n para los perfiles del servidor de reenv\u00edo de registros V3 \u201chttp\u201d, \u201cemail\u201d, y \u201csnmptrap\u201d pueden ser registrados en el registro del sistema logrcvr.log.\u0026#xa0;La informaci\u00f3n registrada puede incluir hasta 1024 bytes de la configuraci\u00f3n, incluyendo el nombre de usuario y la contrase\u00f1a en forma cifrada y las claves privadas usadas en cualquier perfil de certificado establecido para perfiles de servidor de reenv\u00edo de registros.\u0026#xa0;Este problema afecta: PAN-OS 8.1 versiones anteriores a PAN-OS 8.1.18;\u0026#xa0;PAN-OS 9.0 versiones anteriores a PAN-OS 9.0.12;\u0026#xa0;PAN-OS 9.1 versiones anteriores a PAN-OS 9.1.4;\u0026#xa0;PAN-OS 10.0 versiones anteriores a PAN-OS 10.0.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":2.1},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]},{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndExcluding\":\"8.1.18\",\"matchCriteriaId\":\"33293775-DC4C-41E0-89CD-B15F4B73D130\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.12\",\"matchCriteriaId\":\"9DABB61F-8BFA-4476-9A59-E0DC68873022\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.1.0\",\"versionEndExcluding\":\"9.1.4\",\"matchCriteriaId\":\"F307ABF3-27DB-4C76-A488-60E1F6A6D17F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.1\",\"matchCriteriaId\":\"09926771-7377-487B-B660-809265E7D8A2\"}]}]}],\"references\":[{\"url\":\"https://security.paloaltonetworks.com/CVE-2021-3032\",\"source\":\"psirt@paloaltonetworks.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...