Inclusion of Sensitive Information in Log Files in Palo Alto PAN-OS - CVE-2021-3032

 

Inclusion of Sensitive Information in Log Files in Palo Alto PAN-OS - CVE-2021-3032

Published: January 13, 2021 / Updated: January 13, 2021


Vulnerability identifier: #VU49515
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-3032
CWE-ID: CWE-532
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Palo Alto Networks, Inc.
Affected software:
Palo Alto PAN-OS

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to software writes configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles in logrcvr.log system log. A local user can read the log files and gain access to sensitive data.


How to mitigate CVE-2021-3032

Install updates from vendor's website.

Sources