CVE-2021-3031
Published Jan 13, 2021
Last updated 2 years ago
Overview
- Description
- Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.
- Source
- psirt@paloaltonetworks.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 3.3
- Impact score
- 2.9
- Exploitability score
- 6.5
- Vector string
- AV:A/AC:L/Au:N/C:P/I:N/A:N
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:paloaltonetworks:pa-200:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C4A00CA4-326B-45A1-A4C1-46DDA28819AA"
},
{
"criteria": "cpe:2.3:h:paloaltonetworks:pa-2020:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "17D4C591-22F5-44A8-8490-7B4AD0682414"
},
{
"criteria": "cpe:2.3:h:paloaltonetworks:pa-2050:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "ADF87CC5-485D-4F39-953C-A727CF0A5305"
},
{
"criteria": "cpe:2.3:h:paloaltonetworks:pa-220:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E75FBB9F-24D9-413A-ABC8-6ACFD99F4097"
},
{
"criteria": "cpe:2.3:h:paloaltonetworks:pa-3020:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "43FCBC3C-C1EC-43D3-80CE-6C8D0C465FD3"
},
{
"criteria": "cpe:2.3:h:paloaltonetworks:pa-3050:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2480738F-8A68-4B15-8893-0BD9AA4660B8"
},
{
"criteria": "cpe:2.3:h:paloaltonetworks:pa-3060:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F3DA3033-6239-47D4-9CF9-11AE51E0308E"
},
{
"criteria": "cpe:2.3:h:paloaltonetworks:pa-3220:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A1D39EA7-7F92-4CF0-AF52-D6DA4A35683A"
},
{
"criteria": "cpe:2.3:h:paloaltonetworks:pa-3250:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B2632686-9B16-4CDB-8874-55CDB86CA90F"
},
{
"criteria": "cpe:2.3:h:paloaltonetworks:pa-3260:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "DED6DB33-02C3-421E-B289-0E735293F100"
},
{
"criteria": "cpe:2.3:h:paloaltonetworks:pa-500:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "6550421C-0EA0-4C04-93C9-F862B1CDED67"
},
{
"criteria": "cpe:2.3:h:paloaltonetworks:pa-5200:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0196D5B4-9C82-4DC6-9A3D-3397BE92D153"
},
{
"criteria": "cpe:2.3:h:paloaltonetworks:pa-800:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5BC340BF-F1B1-4EE8-91C9-DF650B26555F"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33293775-DC4C-41E0-89CD-B15F4B73D130",
"versionEndExcluding": "8.1.18",
"versionStartIncluding": "8.1.0"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9DABB61F-8BFA-4476-9A59-E0DC68873022",
"versionEndExcluding": "9.0.12",
"versionStartIncluding": "9.0.0"
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "872E6056-5BE6-4FE8-BE33-F98CF0DBC67C",
"versionEndExcluding": "9.1.5",
"versionStartIncluding": "9.1.0"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]