CVSS: 4.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3047 – PAN-OS: Weak Cryptography Used in Web Interface Authentication
https://notcve.org/view.php?id=CVE-2021-3047
11 Aug 2021 — A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to impersonate another authenticated web interface administrator's session. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier t... • https://security.paloaltonetworks.com/CVE-2021-3047 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3046 – PAN-OS: Improper SAML Authentication Vulnerability in GlobalProtect Portal
https://notcve.org/view.php?id=CVE-2021-3046
11 Aug 2021 — An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway when they are configured to use SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. PAN-OS 10.1 versions are not impac... • https://security.paloaltonetworks.com/CVE-2021-3046 • CWE-287: Improper Authentication •
CVSS: 4.9EPSS: 1%CPEs: 3EXPL: 0CVE-2021-3045 – PAN-OS: OS Command Argument Injection in Web Interface
https://notcve.org/view.php?id=CVE-2021-3045
11 Aug 2021 — An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10. PAN-OS 10.0 and later versions are not impacted. Una vulnerabilidad de inyección de argumentos de comandos del Sistema Operativo en la interfaz web de PAN-OS de Palo ... • https://security.paloaltonetworks.com/CVE-2021-3045 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 2.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3037 – PAN-OS: Secrets for scheduled configuration exports are logged in system logs
https://notcve.org/view.php?id=CVE-2021-3037
20 Apr 2021 — An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS configuration to the destination server. Se presenta una vulnerabilidad de exposición de información por medio de archivos de registro en el software PAN-OS de Palo Alto Networks, donde los detalles de conexión para ... • https://security.paloaltonetworks.com/CVE-2021-3037 • CWE-532: Insertion of Sensitive Information into Log File CWE-534: DEPRECATED: Information Exposure Through Debug Log Files •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3036 – PAN-OS: Administrator secrets are logged in web server logs when using the PAN-OS XML API incorrectly
https://notcve.org/view.php?id=CVE-2021-3036
20 Apr 2021 — An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to use the PAN-OS XML API and exists only when a client includes a duplicate API parameter in API requests. Logged information includes the cleartext username, password, and API key of the administrator making the PAN... • https://security.paloaltonetworks.com/CVE-2021-3036 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3032 – PAN-OS: Configuration secrets for log forwarding may be logged in system logs
https://notcve.org/view.php?id=CVE-2021-3032
13 Jan 2021 — An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of the configuration including the username and password in an encrypted form and private keys used in any certificate profiles set for log forwarding server profiles. This issue impacts: PAN-OS 8.1 versions earlier t... • https://security.paloaltonetworks.com/CVE-2021-3032 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2021-3031 – PAN-OS: Information exposure in Ethernet data frame construction (Etherleak)
https://notcve.org/view.php?id=CVE-2021-3031
13 Jan 2021 — Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by securit... • https://security.paloaltonetworks.com/CVE-2021-3031 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2020-2050 – PAN-OS: Authentication bypass vulnerability in GlobalProtect SSL VPN client certificate verification
https://notcve.org/view.php?id=CVE-2020-2050
12 Nov 2020 — An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to restricted VPN network resources when the gateway or portal is configured to rely entirely on certificate-based authentication. Impacted features that use SSL VPN with client certificate verification are: GlobalProtec... • https://security.paloaltonetworks.com/CVE-2020-2050 • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-2048 – PAN-OS: System proxy passwords may be logged in clear text while viewing system state
https://notcve.org/view.php?id=CVE-2020-2048
12 Nov 2020 — An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.2. Se presenta una exposición de información mediante una vulnerabilidad del archivo de registro donde la contraseña para... • https://security.paloaltonetworks.com/CVE-2020-2048 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 0CVE-2020-2022 – PAN-OS: Panorama session disclosure during context switch into managed device
https://notcve.org/view.php?id=CVE-2020-2022
12 Nov 2020 — An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacker to gain privileged access to the Panorama web interface. An attacker requires some knowledge of managed firewalls to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9... • https://security.paloaltonetworks.com/CVE-2020-2022 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-269: Improper Privilege Management •