Main Vulnerability Database SB2021011318

SB2021011318 - Information disclosure in Palo Alto PAN-OS

Published: January 13, 2021

Security Bulletin ID SB2021011318

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2021-3032)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to software writes configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles in logrcvr.log system log. A local user can read the log files and gain access to sensitive data.

Remediation

Install update from vendor's website.

References

https://security.paloaltonetworks.com/CVE-2021-3032