CVE-2020-2048
First published: Thu Nov 12 2020(Updated: )
An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.2.
Credit: psirt@paloaltonetworks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Paloaltonetworks Pan-os | >=8.1.0<8.1.17 | |
| Paloaltonetworks Pan-os | >=9.0.0<9.0.11 | |
| Paloaltonetworks Pan-os | >=9.1.0<9.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-2048?
CVE-2020-2048 is a vulnerability that allows an attacker to view the password for the configured system proxy server in cleartext.
What is the severity of CVE-2020-2048?
CVE-2020-2048 has a severity value of 3.3, which is considered low.
Which versions of PAN-OS are affected by CVE-2020-2048?
PAN-OS 8.1 versions earlier than 8.1.17, PAN-OS 9.0 versions earlier than 9.0.11, and PAN-OS 9.1 versions earlier than 9.1.2 are affected by CVE-2020-2048.
How can an attacker exploit CVE-2020-2048?
An attacker can exploit CVE-2020-2048 by using the CLI in Palo Alto Networks PAN-OS software to view the password for the configured system proxy server.
Is there a fix available for CVE-2020-2048?
Yes, Palo Alto Networks has released PAN-OS versions 8.1.17, 9.0.11, and 9.1.2 to address the vulnerability CVE-2020-2048.
- collector/nvd-index
- agent/severity
- agent/author
- vendor/paloaltonetworks
- canonical/paloaltonetworks pan-os
- version/paloaltonetworks pan-os/8.1.0
- version/paloaltonetworks pan-os/9.0.0
- version/paloaltonetworks pan-os/9.1.0