An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple times in one log entry. The first instance of the sensitive field is masked but subsequent instances are left in clear text. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4.
References
Link | Resource |
---|---|
https://security.paloaltonetworks.com/CVE-2020-2043 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: palo_alto
Published: 2020-09-09T00:00:00
Updated: 2020-09-09T16:45:29
Reserved: 2019-12-04T00:00:00
Link: CVE-2020-2043
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-09-09T17:15:26.213
Modified: 2020-09-15T16:46:25.537
Link: CVE-2020-2043
JSON object: View
Redhat Information
No data.
CWE