CVE-2021-3031

Published Jan 13, 2021

Last updated 3 months ago

CVSS medium 4.3

Overview

Description: Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.
Source: psirt@paloaltonetworks.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.3
Impact score: 2.9
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

psirt@paloaltonetworks.com: CWE-200
nvd@nist.gov: CWE-212

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33293775-DC4C-41E0-89CD-B15F4B73D130",
            "versionEndExcluding": "8.1.18",
            "versionStartIncluding": "8.1.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DABB61F-8BFA-4476-9A59-E0DC68873022",
            "versionEndExcluding": "9.0.12",
            "versionStartIncluding": "9.0.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "872E6056-5BE6-4FE8-BE33-F98CF0DBC67C",
            "versionEndExcluding": "9.1.5",
            "versionStartIncluding": "9.1.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C4A00CA4-326B-45A1-A4C1-46DDA28819AA"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-2020:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "17D4C591-22F5-44A8-8490-7B4AD0682414"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-2050:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ADF87CC5-485D-4F39-953C-A727CF0A5305"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-220:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E75FBB9F-24D9-413A-ABC8-6ACFD99F4097"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-3020:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "43FCBC3C-C1EC-43D3-80CE-6C8D0C465FD3"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-3050:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2480738F-8A68-4B15-8893-0BD9AA4660B8"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-3060:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F3DA3033-6239-47D4-9CF9-11AE51E0308E"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-3220:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A1D39EA7-7F92-4CF0-AF52-D6DA4A35683A"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-3250:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B2632686-9B16-4CDB-8874-55CDB86CA90F"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-3260:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DED6DB33-02C3-421E-B289-0E735293F100"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6550421C-0EA0-4C04-93C9-F862B1CDED67"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-5200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0196D5B4-9C82-4DC6-9A3D-3397BE92D153"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5BC340BF-F1B1-4EE8-91C9-DF650B26555F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References