CVE-2021-3031 PAN-OS: Information exposure in Ethernet data frame construction (Etherleak)

2021-01-1300:00:00

CWE-200

palo_alto

www.cve.org

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

4.9 Medium

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.3%

JSON

Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.

CNA Affected

[
  {
    "platforms": [
      "PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200"
    ],
    "product": "PAN-OS",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "lessThan": "8.1.18",
        "status": "affected",
        "version": "8.1",
        "versionType": "custom"
      },
      {
        "lessThan": "9.0.12",
        "status": "affected",
        "version": "9.0",
        "versionType": "custom"
      },
      {
        "lessThan": "9.1.5",
        "status": "affected",
        "version": "9.1",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "PAN-OS",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "10.0.*"
      },
      {
        "lessThan": "8.1*",
        "status": "unaffected",
        "version": "8.1.18",
        "versionType": "custom"
      },
      {
        "lessThan": "9.0*",
        "status": "unaffected",
        "version": "9.0.12",
        "versionType": "custom"
      },
      {
        "lessThan": "9.1*",
        "status": "unaffected",
        "version": "9.1.5",
        "versionType": "custom"
      }
    ]
  }
]