vulnerability

PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Sep 14, 2020	Sep 14, 2020	Oct 5, 2020

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Sep 14, 2020

Added

Sep 14, 2020

Modified

Oct 5, 2020

Description

An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command (op-command) usage but did not mask all sensitive information. The opcmdhistory.log file is removed in PAN-OS 9.1 and later PAN-OS versions. Command usage is recorded, instead, in the req_stats.log file in PAN-OS 9.1 and later PAN-OS versions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3.

Solutions

palo-alto-networks-pan-os-upgrade-8-0palo-alto-networks-pan-os-upgrade-8-1palo-alto-networks-pan-os-upgrade-9-0palo-alto-networks-pan-os-upgrade-9-1

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today