First published: Tue Apr 20 2021
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS configuration to the destination server.
Credit: psirt@paloaltonetworks.com
Affected Software | Affected Version | How to fix |
---|---|---|
Palo Alto Networks PAN-OS | >=8.1.0, <8.1.19 | |
Palo Alto Networks PAN-OS | >=9.0.0, <9.0.13 | |
Palo Alto Networks PAN-OS | >=9.1.0, <9.1.4 | |
The severity of CVE-2021-3037 is low with a CVSS score of 2.3.
The vulnerability allows the cleartext username, password, and IP address used for a scheduled configuration export to be logged in system logs, exposing sensitive information.
Versions 8.1.0 to 8.1.19, 9.0.0 to 9.0.13, and 9.1.0 to 9.1.4 of Palo Alto Networks PAN-OS software are affected by CVE-2021-3037.
Upgrade to a fixed version of Palo Alto Networks PAN-OS software (8.1.20, 9.0.14, or 9.1.5) to fix the vulnerability.
You can find more information about CVE-2021-3037 on the Palo Alto Networks security website.