CVE-2021-3037 - OpenCVE

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS configuration to the destination server.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Paloaltonetworks	Pan-os

Configuration 1 [-]

OR	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2021-3037	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: palo_alto

Published: 2021-04-14T00:00:00

Updated: 2021-04-20T03:15:17

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-3037

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-04-20T04:15:12.760

Modified: 2022-10-25T19:17:57.537

Link: CVE-2021-3037

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "8.1.19", "status": "unaffected"}], "lessThan": "8.1.19", "status": "affected", "version": "8.1", "versionType": "custom"}, {"changes": [{"at": "9.0.13", "status": "unaffected"}], "lessThan": "9.0.13", "status": "affected", "version": "9.0", "versionType": "custom"}, {"changes": [{"at": "9.1.4", "status": "unaffected"}], "lessThan": "9.1.4", "status": "affected", "version": "9.1", "versionType": "custom"}, {"lessThan": "10.0*", "status": "unaffected", "version": "10.0.0", "versionType": "custom"}]}], "configurations": [{"lang": "en", "value": "This issue is only applicable to PAN-OS devices that have been configured to use scheduled configuration exports at any time."}], "credits": [{"lang": "en", "value": "This issue was found by a customer of Palo Alto Networks during a security review."}], "datePublic": "2021-04-14T00:00:00", "descriptions": [{"lang": "en", "value": "An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS configuration to the destination server."}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-534", "description": "CWE-534 Information Exposure Through Debug Log Files", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-20T03:15:17", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2021-3037"}], "solutions": [{"lang": "en", "value": "This issue is fixed in PAN-OS 8.1.19, PAN-OS 9.0.13, PAN-OS 9.1.4, and all later PAN-OS versions.\n\nAfter you upgrade the PAN-OS appliance, you must change the connection details used in scheduled configuration exports. You should also change the credentials on the destination server that are used to export the configuration."}], "source": {"defect": ["PAN-131474"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2021-04-14T00:00:00", "value": "Initial publication"}], "title": "PAN-OS: Secrets for scheduled configuration exports are logged in system logs", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2021-04-14T16:00:00.000Z", "ID": "CVE-2021-3037", "STATE": "PUBLIC", "TITLE": "PAN-OS: Secrets for scheduled configuration exports are logged in system logs"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PAN-OS", "version": {"version_data": [{"version_affected": "<", "version_name": "8.1", "version_value": "8.1.19"}, {"version_affected": "<", "version_name": "9.0", "version_value": "9.0.13"}, {"version_affected": "<", "version_name": "9.1", "version_value": "9.1.4"}, {"version_affected": "!>=", "version_name": "10.0", "version_value": "10.0.0"}, {"version_affected": "!>=", "version_name": "8.1", "version_value": "8.1.19"}, {"version_affected": "!>=", "version_name": "9.0", "version_value": "9.0.13"}, {"version_affected": "!>=", "version_name": "9.1", "version_value": "9.1.4"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "configuration": [{"lang": "en", "value": "This issue is only applicable to PAN-OS devices that have been configured to use scheduled configuration exports at any time."}], "credit": [{"lang": "eng", "value": "This issue was found by a customer of Palo Alto Networks during a security review."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS configuration to the destination server."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n"}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-534 Information Exposure Through Debug Log Files"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2021-3037", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2021-3037"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in PAN-OS 8.1.19, PAN-OS 9.0.13, PAN-OS 9.1.4, and all later PAN-OS versions.\n\nAfter you upgrade the PAN-OS appliance, you must change the connection details used in scheduled configuration exports. You should also change the credentials on the destination server that are used to export the configuration."}], "source": {"defect": ["PAN-131474"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2021-04-14T00:00:00", "value": "Initial publication"}], "x_advisoryEoL": false, "x_affectedList": ["PAN-OS 9.1.3-h1", "PAN-OS 9.1.3", "PAN-OS 9.1.2-h1", "PAN-OS 9.1.2", "PAN-OS 9.1.1", "PAN-OS 9.1.0-h3", "PAN-OS 9.1.0-h2", "PAN-OS 9.1.0-h1", "PAN-OS 9.1.0", "PAN-OS 9.1", "PAN-OS 9.0.12", "PAN-OS 9.0.11", "PAN-OS 9.0.10", "PAN-OS 9.0.9-h1", "PAN-OS 9.0.9", "PAN-OS 9.0.8", "PAN-OS 9.0.7", "PAN-OS 9.0.6", "PAN-OS 9.0.5", "PAN-OS 9.0.4", "PAN-OS 9.0.3-h3", "PAN-OS 9.0.3-h2", "PAN-OS 9.0.3-h1", "PAN-OS 9.0.3", "PAN-OS 9.0.2-h4", "PAN-OS 9.0.2-h3", "PAN-OS 9.0.2-h2", "PAN-OS 9.0.2-h1", "PAN-OS 9.0.2", "PAN-OS 9.0.1", "PAN-OS 9.0.0", "PAN-OS 9.0", "PAN-OS 8.1.18", "PAN-OS 8.1.17", "PAN-OS 8.1.16", "PAN-OS 8.1.15-h3", "PAN-OS 8.1.15-h2", "PAN-OS 8.1.15-h1", "PAN-OS 8.1.15", "PAN-OS 8.1.14-h2", "PAN-OS 8.1.14-h1", "PAN-OS 8.1.14", "PAN-OS 8.1.13", "PAN-OS 8.1.12", "PAN-OS 8.1.11", "PAN-OS 8.1.10", "PAN-OS 8.1.9-h4", "PAN-OS 8.1.9-h3", "PAN-OS 8.1.9-h2", "PAN-OS 8.1.9-h1", "PAN-OS 8.1.9", "PAN-OS 8.1.8-h5", "PAN-OS 8.1.8-h4", "PAN-OS 8.1.8-h3", "PAN-OS 8.1.8-h2", "PAN-OS 8.1.8-h1", "PAN-OS 8.1.8", "PAN-OS 8.1.7", "PAN-OS 8.1.6-h2", "PAN-OS 8.1.6-h1", "PAN-OS 8.1.6", "PAN-OS 8.1.5", "PAN-OS 8.1.4", "PAN-OS 8.1.3", "PAN-OS 8.1.2", "PAN-OS 8.1.1", "PAN-OS 8.1.0", "PAN-OS 8.1"]}}}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2021-3037", "datePublished": "2021-04-14T00:00:00", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2021-04-20T03:15:17", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "186F919F-1EF1-4190-9852-2D64CF508E87", "versionEndExcluding": "8.1.19", "versionStartIncluding": "8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "591D2600-BA93-4E0A-8AB6-FB4E3E62B92A", "versionEndExcluding": "9.0.13", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "F307ABF3-27DB-4C76-A488-60E1F6A6D17F", "versionEndExcluding": "9.1.4", "versionStartIncluding": "9.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS configuration to the destination server."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de exposici\u00f3n de informaci\u00f3n por medio de archivos de registro en el software PAN-OS de Palo Alto Networks, donde los detalles de conexi\u00f3n para una exportaci\u00f3n de configuraci\u00f3n programada son registrados en registros del sistema. La informaci\u00f3n registrada incluye el nombre de usuario en texto sin cifrar, la contrase\u00f1a y la direcci\u00f3n IP usada para exportar la configuraci\u00f3n de PAN-OS al servidor de destino"}], "id": "CVE-2021-3037", "lastModified": "2022-10-25T19:17:57.537", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 1.4, "source": "psirt@paloaltonetworks.com", "type": "Primary"}]}, "published": "2021-04-20T04:15:12.760", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2021-3037"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-534"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}