vulnerability

PAN-OS: System proxy passwords may be logged in clear text while viewing system state

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
2	(AV:L/AC:L/Au:N/C:P/I:N/A:N)	Nov 11, 2020	Nov 12, 2020	Nov 18, 2020

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:N/A:N)

Published

Nov 11, 2020

Added

Nov 12, 2020

Modified

Nov 18, 2020

Description

An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.2.

Solutions

palo-alto-networks-pan-os-upgrade-8-1palo-alto-networks-pan-os-upgrade-9-0palo-alto-networks-pan-os-upgrade-9-1

References

CVE-2020-2048
https://attackerkb.com/topics/CVE-2020-2048
URL-https://security.paloaltonetworks.com/CVE-2020-2048

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today