Lucene search

K
nessusThis script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.PALO_ALTO_CVE-2020-2043.NASL
HistorySep 14, 2020 - 12:00 a.m.

Palo Alto Networks PAN-OS 8.1.x < 8.1.16 / 9.0.x < 9.0.10 / 9.1.x < 9.1.4 Information Exposure

2020-09-1400:00:00
This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

12.7%

The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.16 or 9.0.x prior to 9.0.10 or 9.1.x prior to 9.1.4. It is, therefore, affected by an information exposure vulnerability when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple times in one log entry. An authenticated, local attacker can exploit this, by accessing the configuration logs, to expose sensitive information. Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(140576);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id("CVE-2020-2043");
  script_xref(name:"IAVA", value:"2020-A-0418-S");
  script_xref(name:"CEA-ID", value:"CEA-2020-0120");

  script_name(english:"Palo Alto Networks PAN-OS 8.1.x < 8.1.16 / 9.0.x < 9.0.10 / 9.1.x < 9.1.4 Information Exposure");

  script_set_attribute(attribute:"synopsis", value:
"The remote PAN-OS host is affected by an information exposure vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.16 or 9.0.x prior to 9.0.10
or 9.1.x prior to 9.1.4. It is, therefore, affected by an information exposure vulnerability when the
after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple times
in one log entry. An authenticated, local attacker can exploit this, by accessing the configuration logs, to expose
sensitive information. Note that Nessus has not tested for this issue but has instead relied only on the application's
self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://security.paloaltonetworks.com/CVE-2020-2043");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PAN-OS 8.1.16 / 9.0.10 / 9.1.4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2043");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(532);

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/09/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/09/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/09/14");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:paloaltonetworks:pan-os");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Palo Alto Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("palo_alto_version.nbin");
  script_require_keys("Host/Palo_Alto/Firewall/Version", "Host/Palo_Alto/Firewall/Full_Version", "Host/Palo_Alto/Firewall/Source");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

vcf::palo_alto::initialize();

app_name = 'Palo Alto Networks PAN-OS';

app_info = vcf::get_app_info(app:app_name, kb_ver:'Host/Palo_Alto/Firewall/Full_Version', kb_source:'Host/Palo_Alto/Firewall/Source');

constraints = [
  { 'min_version' : '8.1.0', 'fixed_version' : '8.1.16' },
  { 'min_version' : '9.0.0', 'fixed_version' : '9.0.10' },
  { 'min_version' : '9.1.0', 'fixed_version' : '9.1.4' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
paloaltonetworkspan-oscpe:/o:paloaltonetworks:pan-os

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

12.7%

Related for PALO_ALTO_CVE-2020-2043.NASL