Palo Alto PAN-OS up to 8.1.15/9.0.9/9.1.3 Log File log file

Summaryinfo

A vulnerability was found in Palo Alto PAN-OS up to 8.1.15/9.0.9/9.1.3. It has been classified as problematic. The affected element is an unknown function of the component Log File Handler. The manipulation leads to log file. This vulnerability is documented as CVE-2020-2043. The attack needs to be performed locally. There is not any exploit available. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability was found in Palo Alto PAN-OS up to 8.1.15/9.0.9/9.1.3 (Firewall Software). It has been rated as problematic. This issue affects an unknown code block of the component Log File Handler. The manipulation with an unknown input leads to a log file vulnerability. Using CWE to declare the problem leads to CWE-532. Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. Impacted is confidentiality. The summary by CVE is:

An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple times in one log entry. The first instance of the sensitive field is masked but subsequent instances are left in clear text. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4.

The weakness was released 09/09/2020 (Website). It is possible to read the advisory at security.paloaltonetworks.com. The identification of this vulnerability is CVE-2020-2043 since 12/04/2019. Attacking locally is a requirement. The requirement for exploitation is a simple authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1592 according to MITRE ATT&CK.

Upgrading to version 8.1.16, 9.0.10, 9.1.4 or 10.0.0 eliminates this vulnerability.

Entries connected to this vulnerability are available at VDB-160992, VDB-160990, VDB-160989 and VDB-160988. Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Type

• Firewall Software

Vendor

• Palo Alto

Name

• PAN-OS

Version

• 8.1.0
• 8.1.1
• 8.1.2
• 8.1.3
• 8.1.4
• 8.1.5
• 8.1.6
• 8.1.7
• 8.1.8
• 8.1.9
• 8.1.10
• 8.1.11
• 8.1.12
• 8.1.13
• 8.1.14
• 8.1.15
• 9.0.0
• 9.0.1
• 9.0.2
• 9.0.3
• 9.0.4
• 9.0.5
• 9.0.6
• 9.0.7
• 9.0.8
• 9.0.9
• 9.1.0
• 9.1.1
• 9.1.2
• 9.1.3

License

• commercial

Website

• Vendor: https://www.paloaltonetworks.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion