CVE-2021-3032
Summary
| CVE | CVE-2021-3032 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-01-13 18:15:00 UTC |
| Updated | 2021-01-19 23:05:00 UTC |
| Description | An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of the configuration including the username and password in an encrypted form and private keys used in any certificate profiles set for log forwarding server profiles. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. |
Risk And Classification
Problem Types: CWE-532
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Paloaltonetworks | Pan-os | All | All | All | All |
| Operating System | Paloaltonetworks | Pan-os | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2021-3032 PAN-OS: Configuration secrets for log forwarding may be logged in system logs | CONFIRM | security.paloaltonetworks.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: This issue was found by My Tran, Mai Phan, and Claire Zhou of Palo Alto Networks during internal security testing.
There are currently no legacy QID mappings associated with this CVE.