Palo Alto PAN-OS up to 8.1.15/9.0.9/9.1.2 Log File opcmdhistory.log Password log file

Summaryinfo

A vulnerability was found in Palo Alto PAN-OS up to 8.1.15/9.0.9/9.1.2. It has been declared as problematic. The impacted element is an unknown function of the file opcmdhistory.log of the component Log File Handler. The manipulation results in log file (Password). This vulnerability is reported as CVE-2020-2044. The attack requires a local approach. No exploit exists. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability classified as problematic has been found in Palo Alto PAN-OS up to 8.1.15/9.0.9/9.1.2 (Firewall Software). Affected is some unknown processing of the file opcmdhistory.log of the component Log File Handler. The manipulation with an unknown input leads to a log file vulnerability (Password). CWE is classifying the issue as CWE-532. Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. This is going to have an impact on confidentiality. CVE summarizes:

An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command (op-command) usage but did not mask all sensitive information. The opcmdhistory.log file is removed in PAN-OS 9.1 and later PAN-OS versions. Command usage is recorded, instead, in the req_stats.log file in PAN-OS 9.1 and later PAN-OS versions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3.

The weakness was disclosed 09/09/2020 (Website). The advisory is shared for download at security.paloaltonetworks.com. This vulnerability is traded as CVE-2020-2044 since 12/04/2019. The attack needs to be approached locally. Required for exploitation is a authentication. There are known technical details, but no exploit is available. The MITRE ATT&CK project declares the attack technique as T1592.

By approaching the search of inurl:opcmdhistory.log it is possible to find vulnerable targets with Google Hacking.

Upgrading to version 8.1.16, 9.0.10, 9.1.3 or 10.0.0 eliminates this vulnerability.

The entries VDB-160991, VDB-160990, VDB-160989 and VDB-160988 are pretty similar. VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Type

• Firewall Software

Vendor

• Palo Alto

Name

• PAN-OS

Version

• 8.1.0
• 8.1.1
• 8.1.2
• 8.1.3
• 8.1.4
• 8.1.5
• 8.1.6
• 8.1.7
• 8.1.8
• 8.1.9
• 8.1.10
• 8.1.11
• 8.1.12
• 8.1.13
• 8.1.14
• 8.1.15
• 9.0.0
• 9.0.1
• 9.0.2
• 9.0.3
• 9.0.4
• 9.0.5
• 9.0.6
• 9.0.7
• 9.0.8
• 9.0.9
• 9.1.0
• 9.1.1
• 9.1.2

License

• commercial

Website

• Vendor: https://www.paloaltonetworks.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Discussion