CVE-2020-2044 - OpenCVE

An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command (op-command) usage but did not mask all sensitive information. The opcmdhistory.log file is removed in PAN-OS 9.1 and later PAN-OS versions. Command usage is recorded, instead, in the req_stats.log file in PAN-OS 9.1 and later PAN-OS versions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Paloaltonetworks	Pan-os

Configuration 1 [-]

OR	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2020-2044	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: palo_alto

Published: 2020-09-09T00:00:00

Updated: 2020-09-09T16:45:30

Reserved: 2019-12-04T00:00:00

Link: CVE-2020-2044

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-09-09T17:15:26.307

Modified: 2020-09-15T16:29:34.120

Link: CVE-2020-2044

JSON object: View

Redhat Information

No data.

CWE

CWE-532

{"containers": {"cna": {"affected": [{"product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [{"status": "affected", "version": "8.0.*"}, {"changes": [{"at": "8.1.16", "status": "unaffected"}], "lessThan": "8.1.16", "status": "affected", "version": "8.1", "versionType": "custom"}, {"changes": [{"at": "9.0.10", "status": "unaffected"}], "lessThan": "9.0.10", "status": "affected", "version": "9.0", "versionType": "custom"}, {"changes": [{"at": "9.1.3", "status": "unaffected"}], "lessThan": "9.1.3", "status": "affected", "version": "9.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "This issue was found by Yamata Li of Palo Alto Networks during internal security review."}], "datePublic": "2020-09-09T00:00:00", "descriptions": [{"lang": "en", "value": "An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command (op-command) usage but did not mask all sensitive information. The opcmdhistory.log file is removed in PAN-OS 9.1 and later PAN-OS versions. Command usage is recorded, instead, in the req_stats.log file in PAN-OS 9.1 and later PAN-OS versions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3."}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Information Exposure Through Log Files", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-09T16:45:30", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2020-2044"}], "solutions": [{"lang": "en", "value": "This issue is fixed in PAN-OS 8.1.16, PAN-OS 9.0.10, PAN-OS 9.1.3, and all later PAN-OS versions."}], "source": {"defect": ["PAN-135262"], "discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2020-09-09T00:00:00", "value": "Initial publication"}], "title": "PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history", "workarounds": [{"lang": "en", "value": "This issue requires access to PAN-OS log files generated in the system. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2020-09-09T16:00:00.000Z", "ID": "CVE-2020-2044", "STATE": "PUBLIC", "TITLE": "PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PAN-OS", "version": {"version_data": [{"version_affected": "<", "version_name": "8.1", "version_value": "8.1.16"}, {"version_affected": "<", "version_name": "9.0", "version_value": "9.0.10"}, {"version_affected": "<", "version_name": "9.1", "version_value": "9.1.3"}, {"version_affected": "!>=", "version_name": "8.1", "version_value": "8.1.16"}, {"version_affected": "!>=", "version_name": "9.0", "version_value": "9.0.10"}, {"version_affected": "!>=", "version_name": "9.1", "version_value": "9.1.3"}, {"version_affected": "=", "version_name": "8.0", "version_value": "8.0.*"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "credit": [{"lang": "eng", "value": "This issue was found by Yamata Li of Palo Alto Networks during internal security review."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command (op-command) usage but did not mask all sensitive information. The opcmdhistory.log file is removed in PAN-OS 9.1 and later PAN-OS versions. Command usage is recorded, instead, in the req_stats.log file in PAN-OS 9.1 and later PAN-OS versions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-532 Information Exposure Through Log Files"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2020-2044", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2020-2044"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in PAN-OS 8.1.16, PAN-OS 9.0.10, PAN-OS 9.1.3, and all later PAN-OS versions."}], "source": {"defect": ["PAN-135262"], "discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2020-09-09T00:00:00", "value": "Initial publication"}], "work_around": [{"lang": "en", "value": "This issue requires access to PAN-OS log files generated in the system. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at https://docs.paloaltonetworks.com/best-practices."}]}}}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2020-2044", "datePublished": "2020-09-09T00:00:00", "dateReserved": "2019-12-04T00:00:00", "dateUpdated": "2020-09-09T16:45:30", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "2BEFBF38-AF84-4477-A6B9-5BDD51D54F4F", "versionEndIncluding": "8.0.20", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E961A6F-DC8D-46DE-9279-95FCA3B460C1", "versionEndExcluding": "8.1.16", "versionStartIncluding": "8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "B274DF14-BD36-46DF-91EF-0293CC082B41", "versionEndExcluding": "9.0.10", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E9F14E9-3CD7-443B-9D97-254E917FA22B", "versionEndExcluding": "9.1.3", "versionStartIncluding": "9.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command (op-command) usage but did not mask all sensitive information. The opcmdhistory.log file is removed in PAN-OS 9.1 and later PAN-OS versions. Command usage is recorded, instead, in the req_stats.log file in PAN-OS 9.1 and later PAN-OS versions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3."}, {"lang": "es", "value": "Una exposici\u00f3n de informaci\u00f3n por medio de una vulnerabilidad de archivo de registro donde la contrase\u00f1a de un administrador u otra informaci\u00f3n confidencial puede ser registrada en texto sin cifrar mientras se usa la CLI en el software PAN-OS de Palo Alto Networks. El archivo opcmdhistory.log se introdujo para realizar un seguimiento del uso del comando operacional (op-command), pero no enmascara toda la informaci\u00f3n confidencial. El archivo opcmdhistory.log es eliminado en PAN-OS versi\u00f3n 9.1 y versiones posteriores de PAN-OS. El uso del comando es registrado, en cambio, en el archivo req_stats.log en PAN-OS versi\u00f3n 9.1 y versiones posteriores de PAN-OS. Este problema impacta a: Versiones PAN-OS 8.1 anteriores a PAN-OS 8.1.16; Versiones PAN-OS 9.0 anteriores a PAN-OS 9.0.10; Versiones PAN-OS 9.1 anteriores a PAN-OS 9.1.3."}], "id": "CVE-2020-2044", "lastModified": "2020-09-15T16:29:34.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2020-09-09T17:15:26.307", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2020-2044"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}