Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-3031

Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.

Published

2021-01-13T18:15:14.603

Last Modified

2024-11-21T06:20:47.707

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

6.5

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-200
  • Type: Primary
    CWE-212
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System paloaltonetworks pan-os < 8.1.18 Yes
Operating System paloaltonetworks pan-os < 9.0.12 Yes
Operating System paloaltonetworks pan-os < 9.1.5 Yes
Hardware paloaltonetworks pa-200 - No
Hardware paloaltonetworks pa-2020 - No
Hardware paloaltonetworks pa-2050 - No
Hardware paloaltonetworks pa-220 - No
Hardware paloaltonetworks pa-3020 - No
Hardware paloaltonetworks pa-3050 - No
Hardware paloaltonetworks pa-3060 - No
Hardware paloaltonetworks pa-3220 - No
Hardware paloaltonetworks pa-3250 - No
Hardware paloaltonetworks pa-3260 - No
Hardware paloaltonetworks pa-500 - No
Hardware paloaltonetworks pa-5200 - No
Hardware paloaltonetworks pa-800 - No
References