Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.
References
Link | Resource |
---|---|
https://security.paloaltonetworks.com/CVE-2021-3031 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
27 Oct 2022, 12:51
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-212 |
19 Jan 2021, 23:04
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-200 | |
CPE | cpe:2.3:h:paloaltonetworks:pa-3050:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-3250:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-3060:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-3020:-:*:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-2050:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-3260:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-500:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-220:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-800:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-3220:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-5200:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-200:-:*:*:*:*:*:*:* cpe:2.3:h:paloaltonetworks:pa-2020:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 3.3
v3 : 4.3 |
References | (CONFIRM) https://security.paloaltonetworks.com/CVE-2021-3031 - Vendor Advisory |
13 Jan 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5. |
13 Jan 2021, 18:37
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-13 18:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-3031
Mitre link : CVE-2021-3031
CVE.ORG link : CVE-2021-3031
JSON object : View
Products Affected
paloaltonetworks
- pa-5200
- pa-800
- pa-3250
- pa-500
- pa-220
- pa-2020
- pa-3060
- pa-3020
- pa-3220
- pa-2050
- pa-3050
- pan-os
- pa-200
- pa-3260