CVE-2020-2048

EPSS 0.06%
Veröffentlicht 12.11.2020 00:15:10
Zuletzt bearbeitet 21.11.2024 05:24:32
Quelle psirt@paloaltonetworks.com
CVE-Watchlists
Login
Unerledigt
Login

PAN-OS: System proxy passwords may be logged in clear text while viewing system state

An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.2.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Paloaltonetworks ≫ Pan-os Version >= 8.1.0 < 8.1.17

Paloaltonetworks ≫ Pan-os Version >= 9.0.0 < 9.0.11

Paloaltonetworks ≫ Pan-os Version >= 9.1.0 < 9.1.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.178

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
psirt@paloaltonetworks.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://security.paloaltonetworks.com/CVE-2020-2048

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-2048

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-2048

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-2048

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-2048