CVE-2021-3037
2.3
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Summary
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS configuration to the destination server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Palo Alto Networks | PAN-OS | 8.1 < 8.1.19 | affected |
| Palo Alto Networks | PAN-OS | 9.0 < 9.0.13 | affected |
| Palo Alto Networks | PAN-OS | 9.1 < 9.1.4 | affected |
| Palo Alto Networks | PAN-OS | 10.0.0 < 10.0* | unaffected |
Weaknesses
- CWE-534: CWE-534 Information Exposure Through Debug Log Files
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.