CVE-2021-3031
PAN-OS: Information exposure in Ethernet data frame construction (Etherleak)
Severity Score
4.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.
Los bytes de relleno en los paquetes Ethernet en los firewalls PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series y PA-7000 Series, no son borrados antes de que se cree la trama de datos. Esto filtra una pequeña cantidad de información aleatoria de la memoria del firewall para los paquetes Ethernet. Un atacante en la misma subred Ethernet que el firewall PAN-OS puede recopilar información potencialmente confidencial de estos paquetes. Este problema también se conoce como Etherleak y los escáneres de seguridad lo detectan como CVE-2003-0001. Este problema afecta: PAN-OS 8.1 versiones anteriores a PAN-OS 8.1.18; PAN-OS 9.0 versiones anteriores a PAN-OS 9.0.12; PAN-OS 9.1 versiones anteriores a PAN-OS 9.1.5.
*Credits:
This issue was found by a customer of Palo Alto Networks during a security review.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-06 CVE Reserved
- 2021-01-13 CVE Published
- 2023-09-29 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2021-3031 | 2022-10-27 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 8.1.0 < 8.1.18 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 8.1.0 < 8.1.18" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-200 Search vendor "Paloaltonetworks" for product "Pa-200" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 8.1.0 < 8.1.18 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 8.1.0 < 8.1.18" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-2020 Search vendor "Paloaltonetworks" for product "Pa-2020" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 8.1.0 < 8.1.18 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 8.1.0 < 8.1.18" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-2050 Search vendor "Paloaltonetworks" for product "Pa-2050" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 8.1.0 < 8.1.18 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 8.1.0 < 8.1.18" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-220 Search vendor "Paloaltonetworks" for product "Pa-220" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 8.1.0 < 8.1.18 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 8.1.0 < 8.1.18" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-3020 Search vendor "Paloaltonetworks" for product "Pa-3020" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 8.1.0 < 8.1.18 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 8.1.0 < 8.1.18" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-3050 Search vendor "Paloaltonetworks" for product "Pa-3050" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 8.1.0 < 8.1.18 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 8.1.0 < 8.1.18" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-3060 Search vendor "Paloaltonetworks" for product "Pa-3060" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 8.1.0 < 8.1.18 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 8.1.0 < 8.1.18" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-3220 Search vendor "Paloaltonetworks" for product "Pa-3220" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 8.1.0 < 8.1.18 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 8.1.0 < 8.1.18" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-3250 Search vendor "Paloaltonetworks" for product "Pa-3250" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 8.1.0 < 8.1.18 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 8.1.0 < 8.1.18" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-3260 Search vendor "Paloaltonetworks" for product "Pa-3260" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 8.1.0 < 8.1.18 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 8.1.0 < 8.1.18" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-500 Search vendor "Paloaltonetworks" for product "Pa-500" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 8.1.0 < 8.1.18 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 8.1.0 < 8.1.18" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-5200 Search vendor "Paloaltonetworks" for product "Pa-5200" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 8.1.0 < 8.1.18 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 8.1.0 < 8.1.18" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-800 Search vendor "Paloaltonetworks" for product "Pa-800" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.0.0 < 9.0.12 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.0.0 < 9.0.12" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-200 Search vendor "Paloaltonetworks" for product "Pa-200" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.0.0 < 9.0.12 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.0.0 < 9.0.12" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-2020 Search vendor "Paloaltonetworks" for product "Pa-2020" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.0.0 < 9.0.12 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.0.0 < 9.0.12" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-2050 Search vendor "Paloaltonetworks" for product "Pa-2050" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.0.0 < 9.0.12 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.0.0 < 9.0.12" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-220 Search vendor "Paloaltonetworks" for product "Pa-220" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.0.0 < 9.0.12 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.0.0 < 9.0.12" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-3020 Search vendor "Paloaltonetworks" for product "Pa-3020" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.0.0 < 9.0.12 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.0.0 < 9.0.12" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-3050 Search vendor "Paloaltonetworks" for product "Pa-3050" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.0.0 < 9.0.12 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.0.0 < 9.0.12" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-3060 Search vendor "Paloaltonetworks" for product "Pa-3060" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.0.0 < 9.0.12 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.0.0 < 9.0.12" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-3220 Search vendor "Paloaltonetworks" for product "Pa-3220" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.0.0 < 9.0.12 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.0.0 < 9.0.12" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-3250 Search vendor "Paloaltonetworks" for product "Pa-3250" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.0.0 < 9.0.12 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.0.0 < 9.0.12" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-3260 Search vendor "Paloaltonetworks" for product "Pa-3260" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.0.0 < 9.0.12 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.0.0 < 9.0.12" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-500 Search vendor "Paloaltonetworks" for product "Pa-500" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.0.0 < 9.0.12 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.0.0 < 9.0.12" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-5200 Search vendor "Paloaltonetworks" for product "Pa-5200" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.0.0 < 9.0.12 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.0.0 < 9.0.12" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-800 Search vendor "Paloaltonetworks" for product "Pa-800" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.1.0 < 9.1.5 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.1.0 < 9.1.5" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-200 Search vendor "Paloaltonetworks" for product "Pa-200" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.1.0 < 9.1.5 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.1.0 < 9.1.5" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-2020 Search vendor "Paloaltonetworks" for product "Pa-2020" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.1.0 < 9.1.5 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.1.0 < 9.1.5" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-2050 Search vendor "Paloaltonetworks" for product "Pa-2050" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.1.0 < 9.1.5 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.1.0 < 9.1.5" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-220 Search vendor "Paloaltonetworks" for product "Pa-220" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.1.0 < 9.1.5 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.1.0 < 9.1.5" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-3020 Search vendor "Paloaltonetworks" for product "Pa-3020" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.1.0 < 9.1.5 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.1.0 < 9.1.5" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-3050 Search vendor "Paloaltonetworks" for product "Pa-3050" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.1.0 < 9.1.5 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.1.0 < 9.1.5" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-3060 Search vendor "Paloaltonetworks" for product "Pa-3060" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.1.0 < 9.1.5 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.1.0 < 9.1.5" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-3220 Search vendor "Paloaltonetworks" for product "Pa-3220" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.1.0 < 9.1.5 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.1.0 < 9.1.5" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-3250 Search vendor "Paloaltonetworks" for product "Pa-3250" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.1.0 < 9.1.5 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.1.0 < 9.1.5" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-3260 Search vendor "Paloaltonetworks" for product "Pa-3260" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.1.0 < 9.1.5 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.1.0 < 9.1.5" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-500 Search vendor "Paloaltonetworks" for product "Pa-500" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.1.0 < 9.1.5 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.1.0 < 9.1.5" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-5200 Search vendor "Paloaltonetworks" for product "Pa-5200" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 9.1.0 < 9.1.5 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 9.1.0 < 9.1.5" | - |
Affected
| in | Paloaltonetworks Search vendor "Paloaltonetworks" | Pa-800 Search vendor "Paloaltonetworks" for product "Pa-800" | - | - |
Safe
|