Inclusion of Sensitive Information in Log Files in Palo Alto PAN-OS - CVE-2021-3032

 


Published: January 13, 2021 / Updated: January 13, 2021


Vulnerability identifier: #VU49515
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-3032
CWE-ID: CWE-532
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Palo Alto PAN-OS
Software vendor: Palo Alto Networks, Inc.

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because the software writes configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles to the logrcvr.log system log. A local user can read the log files and gain access to sensitive data.


Remediation

Install updates from the vendor's website.
