cve-2021-3031
Vulnerability from cvelistv5
Published
2021-01-13 18:10
Modified
2024-09-16 16:48
Severity ?
EPSS score ?
Summary
Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Palo Alto Networks | PAN-OS |
Version: 8.1 < 8.1.18 Version: 9.0 < 9.0.12 Version: 9.1 < 9.1.5 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:45:50.688Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security.paloaltonetworks.com/CVE-2021-3031", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200", ], product: "PAN-OS", vendor: "Palo Alto Networks", versions: [ { lessThan: "8.1.18", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "9.0.12", status: "affected", version: "9.0", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "PAN-OS", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "10.0.*", }, { lessThan: "8.1*", status: "unaffected", version: "8.1.18", versionType: "custom", }, { lessThan: "9.0*", status: "unaffected", version: "9.0.12", versionType: "custom", }, { lessThan: "9.1*", status: "unaffected", version: "9.1.5", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "This issue was found by a customer of Palo Alto Networks during a security review.", }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.", }, ], exploits: [ { lang: "en", value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Information Exposure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T18:10:13", orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", shortName: "palo_alto", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security.paloaltonetworks.com/CVE-2021-3031", }, ], solutions: [ { lang: "en", value: "This issue is fixed in PAN-OS 8.1.18, PAN-OS 9.0.12, PAN-OS 9.1.5, and all later PAN-OS versions.", }, ], source: { defect: [ "PAN-124681", ], discovery: "USER", }, timeline: [ { lang: "en", time: "2021-01-13T00:00:00", value: "Initial publication", }, ], title: "PAN-OS: Information exposure in Ethernet data frame construction (Etherleak)", workarounds: [ { lang: "en", value: "There is no workaround to prevent the information leak in the Ethernet packets; however, restricting access to the networks mitigates the risk of this issue.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@paloaltonetworks.com", DATE_PUBLIC: "2021-01-13T17:00:00.000Z", ID: "CVE-2021-3031", STATE: "PUBLIC", TITLE: "PAN-OS: Information exposure in Ethernet data frame construction (Etherleak)", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "PAN-OS", version: { version_data: [ { platform: "PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200", version_affected: "<", version_name: "8.1", version_value: "8.1.18", }, { platform: "PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200", version_affected: "<", version_name: "9.0", version_value: "9.0.12", }, { platform: "PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200", version_affected: "<", version_name: "9.1", version_value: "9.1.5", }, { version_affected: "!>=", version_name: "8.1", version_value: "8.1.18", }, { version_affected: "!>=", version_name: "9.0", version_value: "9.0.12", }, { version_affected: "!>=", version_name: "9.1", version_value: "9.1.5", }, { version_affected: "!", version_name: "10.0", version_value: "10.0.*", }, ], }, }, ], }, vendor_name: "Palo Alto Networks", }, ], }, }, credit: [ { lang: "eng", value: "This issue was found by a customer of Palo Alto Networks during a security review.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.", }, ], }, exploit: [ { lang: "en", value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-200 Information Exposure", }, ], }, ], }, references: { reference_data: [ { name: "https://security.paloaltonetworks.com/CVE-2021-3031", refsource: "MISC", url: "https://security.paloaltonetworks.com/CVE-2021-3031", }, ], }, solution: [ { lang: "en", value: "This issue is fixed in PAN-OS 8.1.18, PAN-OS 9.0.12, PAN-OS 9.1.5, and all later PAN-OS versions.", }, ], source: { defect: [ "PAN-124681", ], discovery: "USER", }, timeline: [ { lang: "en", time: "2021-01-13T00:00:00", value: "Initial publication", }, ], work_around: [ { lang: "en", value: "There is no workaround to prevent the information leak in the Ethernet packets; however, restricting access to the networks mitigates the risk of this issue.", }, ], x_advisoryEoL: false, x_affectedList: [ "PAN-OS 9.1.4", "PAN-OS 9.1.3-h1", "PAN-OS 9.1.3", "PAN-OS 9.1.2-h1", "PAN-OS 9.1.2", "PAN-OS 9.1.1", "PAN-OS 9.1.0-h3", "PAN-OS 9.1.0-h2", "PAN-OS 9.1.0-h1", "PAN-OS 9.1.0", "PAN-OS 9.1", "PAN-OS 9.0.11", "PAN-OS 9.0.10", "PAN-OS 9.0.9-h1", "PAN-OS 9.0.9", "PAN-OS 9.0.8", "PAN-OS 9.0.7", "PAN-OS 9.0.6", "PAN-OS 9.0.5", "PAN-OS 9.0.4", "PAN-OS 9.0.3-h3", "PAN-OS 9.0.3-h2", "PAN-OS 9.0.3-h1", "PAN-OS 9.0.3", "PAN-OS 9.0.2-h4", "PAN-OS 9.0.2-h3", "PAN-OS 9.0.2-h2", "PAN-OS 9.0.2-h1", "PAN-OS 9.0.2", "PAN-OS 9.0.1", "PAN-OS 9.0.0", "PAN-OS 9.0", "PAN-OS 8.1.17", "PAN-OS 8.1.16", "PAN-OS 8.1.15-h3", "PAN-OS 8.1.15-h2", "PAN-OS 8.1.15-h1", "PAN-OS 8.1.15", "PAN-OS 8.1.14-h2", "PAN-OS 8.1.14-h1", "PAN-OS 8.1.14", "PAN-OS 8.1.13", "PAN-OS 8.1.12", "PAN-OS 8.1.11", "PAN-OS 8.1.10", "PAN-OS 8.1.9-h4", "PAN-OS 8.1.9-h3", "PAN-OS 8.1.9-h2", "PAN-OS 8.1.9-h1", "PAN-OS 8.1.9", "PAN-OS 8.1.8-h5", "PAN-OS 8.1.8-h4", "PAN-OS 8.1.8-h3", "PAN-OS 8.1.8-h2", "PAN-OS 8.1.8-h1", "PAN-OS 8.1.8", "PAN-OS 8.1.7", "PAN-OS 8.1.6-h2", "PAN-OS 8.1.6-h1", "PAN-OS 8.1.6", "PAN-OS 8.1.5", "PAN-OS 8.1.4", "PAN-OS 8.1.3", "PAN-OS 8.1.2", "PAN-OS 8.1.1", "PAN-OS 8.1.0", "PAN-OS 8.1", ], }, }, }, cveMetadata: { assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", assignerShortName: "palo_alto", cveId: "CVE-2021-3031", datePublished: "2021-01-13T18:10:13.174067Z", dateReserved: "2021-01-06T00:00:00", dateUpdated: "2024-09-16T16:48:43.134Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2021-3031\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2021-01-13T18:15:14.603\",\"lastModified\":\"2024-11-21T06:20:47.707\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.\"},{\"lang\":\"es\",\"value\":\"Los bytes de relleno en los paquetes Ethernet en los firewalls PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series y PA-7000 Series, no son borrados antes de que se cree la trama de datos. Esto filtra una pequeña cantidad de información aleatoria de la memoria del firewall para los paquetes Ethernet. Un atacante en la misma subred Ethernet que el firewall PAN-OS puede recopilar información potencialmente confidencial de estos paquetes. Este problema también se conoce como Etherleak y los escáneres de seguridad lo detectan como CVE-2003-0001. Este problema afecta: PAN-OS 8.1 versiones anteriores a PAN-OS 8.1.18; PAN-OS 9.0 versiones anteriores a PAN-OS 9.0.12; PAN-OS 9.1 versiones anteriores a PAN-OS 9.1.5.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":3.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.5,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-212\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndExcluding\":\"8.1.18\",\"matchCriteriaId\":\"33293775-DC4C-41E0-89CD-B15F4B73D130\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.12\",\"matchCriteriaId\":\"9DABB61F-8BFA-4476-9A59-E0DC68873022\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.1.0\",\"versionEndExcluding\":\"9.1.5\",\"matchCriteriaId\":\"872E6056-5BE6-4FE8-BE33-F98CF0DBC67C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:paloaltonetworks:pa-200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4A00CA4-326B-45A1-A4C1-46DDA28819AA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:paloaltonetworks:pa-2020:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17D4C591-22F5-44A8-8490-7B4AD0682414\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:paloaltonetworks:pa-2050:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADF87CC5-485D-4F39-953C-A727CF0A5305\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:paloaltonetworks:pa-220:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E75FBB9F-24D9-413A-ABC8-6ACFD99F4097\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:paloaltonetworks:pa-3020:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43FCBC3C-C1EC-43D3-80CE-6C8D0C465FD3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:paloaltonetworks:pa-3050:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2480738F-8A68-4B15-8893-0BD9AA4660B8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:paloaltonetworks:pa-3060:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3DA3033-6239-47D4-9CF9-11AE51E0308E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:paloaltonetworks:pa-3220:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1D39EA7-7F92-4CF0-AF52-D6DA4A35683A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:paloaltonetworks:pa-3250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2632686-9B16-4CDB-8874-55CDB86CA90F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:paloaltonetworks:pa-3260:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DED6DB33-02C3-421E-B289-0E735293F100\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:paloaltonetworks:pa-500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6550421C-0EA0-4C04-93C9-F862B1CDED67\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:paloaltonetworks:pa-5200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0196D5B4-9C82-4DC6-9A3D-3397BE92D153\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:paloaltonetworks:pa-800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BC340BF-F1B1-4EE8-91C9-DF650B26555F\"}]}]}],\"references\":[{\"url\":\"https://security.paloaltonetworks.com/CVE-2021-3031\",\"source\":\"psirt@paloaltonetworks.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.paloaltonetworks.com/CVE-2021-3031\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.