cnvd - cnvd-2021-09503

cnvd-2021-09503

Vulnerability from cnvd

Title: Palo Alto Networks PAN-OS日志信息泄露漏洞（CNVD-2021-09503）

Description:

Palo Alto Networks PAN-OS是美国Palo Alto Networks公司的一套为其防火墙设备开发的操作系统。

Palo Alto Networks PAN-OS存在信息泄露漏洞，该漏洞源于程序中的http、电子邮件和snmptrap v3日志转发服务器配置文件的配置秘密可以记录到logrcvr.log系统日志中。记录的信息可能包括多达1024字节的配置，包括加密形式的用户名和密码，以及在为日志转发服务器配置文件设置的任何证书配置文件中使用的私钥。目前没有详细的漏洞细节提供。

Severity: 低

Patch Name: Palo Alto Networks PAN-OS日志信息泄露漏洞（CNVD-2021-09503）的补丁

Patch Description:

Palo Alto Networks PAN-OS是美国Palo Alto Networks公司的一套为其防火墙设备开发的操作系统。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://security.paloaltonetworks.com/CVE-2021-3032

Reference: https://vigilance.fr/vulnerability/Palo-Alto-PAN-OS-information-disclosure-via-Log-Forwarding-Configuration-Secrets-34320

Impacted products

Name
['Palo Alto Palo Alto Networks PAN-OS 9.1', 'Palo Alto Networks PAN-OS <8.1', 'Palo Alto Networks PAN-OS 9.0，<9.0.12']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-3032",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-3032"
    }
  },
  "description": "Palo Alto Networks PAN-OS\u662f\u7f8e\u56fdPalo Alto Networks\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u5176\u9632\u706b\u5899\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nPalo Alto Networks PAN-OS\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4e2d\u7684http\u3001\u7535\u5b50\u90ae\u4ef6\u548csnmptrap v3\u65e5\u5fd7\u8f6c\u53d1\u670d\u52a1\u5668\u914d\u7f6e\u6587\u4ef6\u7684\u914d\u7f6e\u79d8\u5bc6\u53ef\u4ee5\u8bb0\u5f55\u5230logrcvr.log\u7cfb\u7edf\u65e5\u5fd7\u4e2d\u3002\u8bb0\u5f55\u7684\u4fe1\u606f\u53ef\u80fd\u5305\u62ec\u591a\u8fbe1024\u5b57\u8282\u7684\u914d\u7f6e\uff0c\u5305\u62ec\u52a0\u5bc6\u5f62\u5f0f\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\uff0c\u4ee5\u53ca\u5728\u4e3a\u65e5\u5fd7\u8f6c\u53d1\u670d\u52a1\u5668\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u7684\u4efb\u4f55\u8bc1\u4e66\u914d\u7f6e\u6587\u4ef6\u4e2d\u4f7f\u7528\u7684\u79c1\u94a5\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://security.paloaltonetworks.com/CVE-2021-3032",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-09503",
  "openTime": "2021-02-06",
  "patchDescription": "Palo Alto Networks PAN-OS\u662f\u7f8e\u56fdPalo Alto Networks\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u5176\u9632\u706b\u5899\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nPalo Alto Networks PAN-OS\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4e2d\u7684http\u3001\u7535\u5b50\u90ae\u4ef6\u548csnmptrap v3\u65e5\u5fd7\u8f6c\u53d1\u670d\u52a1\u5668\u914d\u7f6e\u6587\u4ef6\u7684\u914d\u7f6e\u79d8\u5bc6\u53ef\u4ee5\u8bb0\u5f55\u5230logrcvr.log\u7cfb\u7edf\u65e5\u5fd7\u4e2d\u3002\u8bb0\u5f55\u7684\u4fe1\u606f\u53ef\u80fd\u5305\u62ec\u591a\u8fbe1024\u5b57\u8282\u7684\u914d\u7f6e\uff0c\u5305\u62ec\u52a0\u5bc6\u5f62\u5f0f\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\uff0c\u4ee5\u53ca\u5728\u4e3a\u65e5\u5fd7\u8f6c\u53d1\u670d\u52a1\u5668\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u7684\u4efb\u4f55\u8bc1\u4e66\u914d\u7f6e\u6587\u4ef6\u4e2d\u4f7f\u7528\u7684\u79c1\u94a5\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Palo Alto Networks PAN-OS\u65e5\u5fd7\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2021-09503\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Palo Alto Palo Alto Networks PAN-OS 9.1",
      "Palo Alto Networks PAN-OS \u003c8.1",
      "Palo Alto Networks PAN-OS 9.0\uff0c\u003c9.0.12"
    ]
  },
  "referenceLink": "https://vigilance.fr/vulnerability/Palo-Alto-PAN-OS-information-disclosure-via-Log-Forwarding-Configuration-Secrets-34320",
  "serverity": "\u4f4e",
  "submitTime": "2021-01-14",
  "title": "Palo Alto Networks PAN-OS\u65e5\u5fd7\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2021-09503\uff09"
}

CVE-2021-3032 (GCVE-0-2021-3032)

Vulnerability from cvelistv5

Published

2021-01-13 18:10

Modified

2024-09-16 22:45

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-532 - Information Exposure Through Log Files

Summary

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of the configuration including the username and password in an encrypted form and private keys used in any certificate profiles set for log forwarding server profiles. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.

References

▼	URL	Tags
	https://security.paloaltonetworks.com/CVE-2021-3032	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Palo Alto Networks	PAN-OS	Version: 8.1 < 8.1.18 Version: 9.0 < 9.0.12 Version: 9.1 < 9.1.4 Version: 10.0 < 10.0.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:45:50.784Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2021-3032"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "8.1.18",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.1.18",
              "status": "affected",
              "version": "8.1",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "9.0.12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "9.0.12",
              "status": "affected",
              "version": "9.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "9.1.4",
                  "status": "unaffected"
                }
              ],
              "lessThan": "9.1.4",
              "status": "affected",
              "version": "9.1",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.0.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.0.1",
              "status": "affected",
              "version": "10.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "This issue is only applicable to PAN-OS devices configured to use log forwarding. You can verify this in the management web interface: Device -\u003e Log Settings."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was found by My Tran, Mai Phan, and Claire Zhou of Palo Alto Networks during internal security testing."
        }
      ],
      "datePublic": "2021-01-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the \u201chttp\u201d, \u201cemail\u201d, and \u201csnmptrap\u201d v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of the configuration including the username and password in an encrypted form and private keys used in any certificate profiles set for log forwarding server profiles. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532 Information Exposure Through Log Files",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-13T18:10:13",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2021-3032"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "If the PAN-OS firewall is impacted, then you must clear the configuration file (/var/log/pan/logrcvr.log). This can be accomplished by running the following CLI command:\n  \"delete debug-log mp-log file logrcvr.log\".\n\nThis issue is fixed in PAN-OS 8.1.18, PAN-OS 9.0.12, PAN-OS 9.1.4, PAN-OS 10.0.1, and all later PAN-OS versions."
        }
      ],
      "source": {
        "defect": [
          "PAN-149377"
        ],
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2021-01-13T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "PAN-OS: Configuration secrets for log forwarding may be logged in system logs",
      "workarounds": [
        {
          "lang": "en",
          "value": "This issue requires access to PAN-OS log files generated in the system. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2021-01-13T17:00:00.000Z",
          "ID": "CVE-2021-3032",
          "STATE": "PUBLIC",
          "TITLE": "PAN-OS: Configuration secrets for log forwarding may be logged in system logs"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PAN-OS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "8.1",
                            "version_value": "8.1.18"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "9.0",
                            "version_value": "9.0.12"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "9.1",
                            "version_value": "9.1.4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.0",
                            "version_value": "10.0.1"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "8.1",
                            "version_value": "8.1.18"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "9.0",
                            "version_value": "9.0.12"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "9.1",
                            "version_value": "9.1.4"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "10.0",
                            "version_value": "10.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "This issue is only applicable to PAN-OS devices configured to use log forwarding. You can verify this in the management web interface: Device -\u003e Log Settings."
          }
        ],
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was found by My Tran, Mai Phan, and Claire Zhou of Palo Alto Networks during internal security testing."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the \u201chttp\u201d, \u201cemail\u201d, and \u201csnmptrap\u201d v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of the configuration including the username and password in an encrypted form and private keys used in any certificate profiles set for log forwarding server profiles. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-532 Information Exposure Through Log Files"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2021-3032",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2021-3032"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "If the PAN-OS firewall is impacted, then you must clear the configuration file (/var/log/pan/logrcvr.log). This can be accomplished by running the following CLI command:\n  \"delete debug-log mp-log file logrcvr.log\".\n\nThis issue is fixed in PAN-OS 8.1.18, PAN-OS 9.0.12, PAN-OS 9.1.4, PAN-OS 10.0.1, and all later PAN-OS versions."
          }
        ],
        "source": {
          "defect": [
            "PAN-149377"
          ],
          "discovery": "INTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2021-01-13T00:00:00",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "This issue requires access to PAN-OS log files generated in the system. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices."
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "PAN-OS 10.0.0",
          "PAN-OS 10.0",
          "PAN-OS 9.1.3-h1",
          "PAN-OS 9.1.3",
          "PAN-OS 9.1.2-h1",
          "PAN-OS 9.1.2",
          "PAN-OS 9.1.1",
          "PAN-OS 9.1.0-h3",
          "PAN-OS 9.1.0-h2",
          "PAN-OS 9.1.0-h1",
          "PAN-OS 9.1.0",
          "PAN-OS 9.1",
          "PAN-OS 9.0.11",
          "PAN-OS 9.0.10",
          "PAN-OS 9.0.9-h1",
          "PAN-OS 9.0.9",
          "PAN-OS 9.0.8",
          "PAN-OS 9.0.7",
          "PAN-OS 9.0.6",
          "PAN-OS 9.0.5",
          "PAN-OS 9.0.4",
          "PAN-OS 9.0.3-h3",
          "PAN-OS 9.0.3-h2",
          "PAN-OS 9.0.3-h1",
          "PAN-OS 9.0.3",
          "PAN-OS 9.0.2-h4",
          "PAN-OS 9.0.2-h3",
          "PAN-OS 9.0.2-h2",
          "PAN-OS 9.0.2-h1",
          "PAN-OS 9.0.2",
          "PAN-OS 9.0.1",
          "PAN-OS 9.0.0",
          "PAN-OS 9.0",
          "PAN-OS 8.1.17",
          "PAN-OS 8.1.16",
          "PAN-OS 8.1.15-h3",
          "PAN-OS 8.1.15-h2",
          "PAN-OS 8.1.15-h1",
          "PAN-OS 8.1.15",
          "PAN-OS 8.1.14-h2",
          "PAN-OS 8.1.14-h1",
          "PAN-OS 8.1.14",
          "PAN-OS 8.1.13",
          "PAN-OS 8.1.12",
          "PAN-OS 8.1.11",
          "PAN-OS 8.1.10",
          "PAN-OS 8.1.9-h4",
          "PAN-OS 8.1.9-h3",
          "PAN-OS 8.1.9-h2",
          "PAN-OS 8.1.9-h1",
          "PAN-OS 8.1.9",
          "PAN-OS 8.1.8-h5",
          "PAN-OS 8.1.8-h4",
          "PAN-OS 8.1.8-h3",
          "PAN-OS 8.1.8-h2",
          "PAN-OS 8.1.8-h1",
          "PAN-OS 8.1.8",
          "PAN-OS 8.1.7",
          "PAN-OS 8.1.6-h2",
          "PAN-OS 8.1.6-h1",
          "PAN-OS 8.1.6",
          "PAN-OS 8.1.5",
          "PAN-OS 8.1.4",
          "PAN-OS 8.1.3",
          "PAN-OS 8.1.2",
          "PAN-OS 8.1.1",
          "PAN-OS 8.1.0",
          "PAN-OS 8.1"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2021-3032",
    "datePublished": "2021-01-13T18:10:13.785838Z",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-09-16T22:45:51.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted