Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-3031
HistoryJan 13, 2021 - 6:15 p.m.

CVE-2021-3031

2021-01-1318:15:14
CWE-200
CWE-212
[email protected]
web.nvd.nist.gov
6
ethernet packets
palo alto networks
security issue

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

0.026

Percentile

90.4%

JSON

Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.

Affected configurations

Nvd
Node
paloaltonetworkspa-200Match-
OR
paloaltonetworkspa-2020Match-
OR
paloaltonetworkspa-2050Match-
OR
paloaltonetworkspa-220Match-
OR
paloaltonetworkspa-3020Match-
OR
paloaltonetworkspa-3050Match-
OR
paloaltonetworkspa-3060Match-
OR
paloaltonetworkspa-3220Match-
OR
paloaltonetworkspa-3250Match-
OR
paloaltonetworkspa-3260Match-
OR
paloaltonetworkspa-500Match-
OR
paloaltonetworkspa-5200Match-
OR
paloaltonetworkspa-800Match-
AND
paloaltonetworkspan-osRange8.1.08.1.18
OR
paloaltonetworkspan-osRange9.0.09.0.12
OR
paloaltonetworkspan-osRange9.1.09.1.5
VendorProductVersionCPE
paloaltonetworkspa-200-cpe:2.3:h:paloaltonetworks:pa-200:-:*:*:*:*:*:*:*
paloaltonetworkspa-2020-cpe:2.3:h:paloaltonetworks:pa-2020:-:*:*:*:*:*:*:*
paloaltonetworkspa-2050-cpe:2.3:h:paloaltonetworks:pa-2050:-:*:*:*:*:*:*:*
paloaltonetworkspa-220-cpe:2.3:h:paloaltonetworks:pa-220:-:*:*:*:*:*:*:*
paloaltonetworkspa-3020-cpe:2.3:h:paloaltonetworks:pa-3020:-:*:*:*:*:*:*:*
paloaltonetworkspa-3050-cpe:2.3:h:paloaltonetworks:pa-3050:-:*:*:*:*:*:*:*
paloaltonetworkspa-3060-cpe:2.3:h:paloaltonetworks:pa-3060:-:*:*:*:*:*:*:*
paloaltonetworkspa-3220-cpe:2.3:h:paloaltonetworks:pa-3220:-:*:*:*:*:*:*:*
paloaltonetworkspa-3250-cpe:2.3:h:paloaltonetworks:pa-3250:-:*:*:*:*:*:*:*
paloaltonetworkspa-3260-cpe:2.3:h:paloaltonetworks:pa-3260:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 141

Related

prion 4
cve 5
paloalto 1
cvelist 5
exploitpack 3
ubuntucve 1
nessus 21
exploitdb 3
zdt 2
securityvulns 7
seebug 4
packetstorm 2
cert 2
nvd 4
openvas 14
osv 6
debian 9
oracle 1
prion
prion
Information disclosure
2021-01-13 18:15:00
Design/Logic Flaw
2018-01-10 22:29:00
Code injection
2022-07-20 15:15:00
cve
cve
CVE-2021-3031
2021-01-13 18:15:14
CVE-2003-0001
2003-01-17 05:00:00
CVE-2018-0014
2018-01-10 22:29:01
paloalto
paloalto
PAN-OS: Information exposure in Ethernet data frame construction (Etherleak)
2021-01-13 17:00:00
cvelist
cvelist
CVE-2021-3031 PAN-OS: Information exposure in Ethernet data frame construction (Etherleak)
2021-01-13 18:10:13
CVE-2003-0001
2003-01-08 05:00:00
CVE-2013-4690
2013-07-11 14:00:00
exploitpack
exploitpack
Ethernet Device Drivers Frame Padding - Etherleak Infomation Leakage
2007-03-23 00:00:00
Cisco ASA 8.4.4.6 8.2.5.32 - Ethernet Information Leak
2013-06-10 00:00:00
Linux Kernel 2.0.x2.2.x2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
2007-03-23 00:00:00
ubuntucve
ubuntucve
CVE-2003-0001
2003-01-17 00:00:00
nessus
nessus
Juniper Junos Information Exposure (JSA69720)
2022-07-21 00:00:00
Solaris 10 (x86) : 125907-02 (deprecated)
2013-09-15 00:00:00
Multiple Ethernet Driver Frame Padding Information Disclosure (Etherleak)
2003-01-14 00:00:00
exploitdb
exploitdb
Ethernet Device Drivers Frame Padding - 'Etherleak' Infomation Leakage
2007-03-23 00:00:00
Cisco ASA < 8.4.4.6 < 8.2.5.32 - Ethernet Information Leak
2013-06-10 00:00:00
Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
2007-03-23 00:00:00
zdt
zdt
Ethernet Device Drivers Frame Padding Info Leakage Expl (Etherleak)
2007-03-23 00:00:00
Cisco ASA < 8.4.4.6|8.2.5.32 Ethernet Information Leak
2013-06-10 00:00:00
securityvulns
securityvulns
[Full-Disclosure] IRIX Update Some Network Drivers May Leak Data
2004-04-03 00:00:00
Ethernet frame padding information leakage
2005-10-13 00:00:00
Etherleak: Ethernet frame padding information leakage &#40;A010603-1&#41;
2003-01-08 00:00:00
seebug
seebug
Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure
2014-07-01 00:00:00
Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak
2014-07-01 00:00:00
Ethernet Device Drivers Frame Padding - Info Leakage Exploit (Etherleak)
2014-07-01 00:00:00
packetstorm
packetstorm
etherleak.txt
2007-03-24 00:00:00
Cisco ASA Ethernet Information Leak
2013-06-10 00:00:00
cert
cert
Network device drivers reuse old frame buffer data to pad packets
2003-01-06 00:00:00
ptrace contains vulnerability allowing for local root compromise
2004-04-16 00:00:00
nvd
nvd
CVE-2003-0001
2003-01-17 05:00:00
CVE-2013-4690
2013-07-11 14:55:01
CVE-2018-0014
2018-01-10 22:29:01
openvas
openvas
ICMP 'Etherleak' Information Disclosure
2021-08-23 00:00:00
Juniper Networks Junos OS QFX and EX Series Information Disclosure Vulnerability (JSA10773, Etherleak)
2017-01-12 00:00:00
Debian Security Advisory DSA 336-1 (kernel-source-2.2.20, kernel-image-2.2.20-i386)
2008-01-17 00:00:00
osv
osv
kernel-patch-2.4.18-powerpc - several vulnerabilities
2003-06-09 00:00:00
linux-kernel-2.4.17 - several vulnerabilities
2003-06-27 00:00:00
linux-kernel-2.4.18 - several vulnerabilities
2003-06-08 00:00:00
debian
debian
[SECURITY] [DSA-336-2] Factual correction for DSA-336-1
2003-06-30 21:32:58
[SECURITY] [DSA 442-1] New Linux 2.4.17 packages fix local root exploits and more (s390)
2004-02-19 09:24:37
[SECURITY] [DSA 442-1] New Linux 2.4.17 packages fix local root exploits and more (s390)
2004-02-19 09:24:37
oracle
oracle
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

0.026

Percentile

90.4%

JSON
Related for NVD:CVE-2021-3031
prion4cve5paloalto1cvelist5exploitpack3ubuntucve1nessus21exploitdb3zdt2securityvulns7seebug4packetstorm2cert2nvd4openvas14osv6debian9oracle1