製品・ソフトウェアに関する情報

JVN脆弱性詳細

PAN-OS における情報漏えいに関する脆弱性

Title	PAN-OS における情報漏えいに関する脆弱性
Summary	PAN-OS には、情報漏えいに関する脆弱性が存在します。
Possible impacts	情報を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Jan. 13, 2021, midnight
Registration Date	Sept. 14, 2021, 5:26 p.m.
Last Update	Sept. 14, 2021, 5:26 p.m.

Affected System

Palo Alto Networks

PAN-OS 9.1.5 未満の 9.1

PAN-OS 8.1.18 未満の 8.1

PAN-OS 9.0.12 未満の 9.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2021-3031	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3031
National Vulnerability Database (NVD)
2	CVE-2021-3031	https://nvd.nist.gov/vuln/detail/CVE-2021-3031

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-200	https://jvndb.jvn.jp/ja/cwe/CWE-200.html

ベンダー情報

No	Name	URL
Security Advisory
1	PAN-124681	https://security.paloaltonetworks.com/CVE-2021-3031

Change Log

No	Changed Details	Date of change
1	[2021年09月14日] 掲載	Sept. 14, 2021, 5:26 p.m.

NVD Vulnerability Information

CVE-2021-3031

Summary	Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.
Publication Date	Jan. 14, 2021, 3:15 a.m.
Registration Date	Jan. 26, 2021, 10:40 a.m.
Last Update	Nov. 21, 2024, 3:20 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:paloaltonetworks:pan-os::::::::		8.1.0			8.1.18
cpe:2.3:o:paloaltonetworks:pan-os::::::::		9.0.0			9.0.12
cpe:2.3:o:paloaltonetworks:pan-os::::::::		9.1.0			9.1.5
execution environment
1	cpe:2.3:h:paloaltonetworks:pa-200:-:::::::*
2	cpe:2.3:h:paloaltonetworks:pa-2020:-:::::::*
3	cpe:2.3:h:paloaltonetworks:pa-2050:-:::::::*
4	cpe:2.3:h:paloaltonetworks:pa-220:-:::::::*
5	cpe:2.3:h:paloaltonetworks:pa-3020:-:::::::*
6	cpe:2.3:h:paloaltonetworks:pa-3050:-:::::::*
7	cpe:2.3:h:paloaltonetworks:pa-3060:-:::::::*
8	cpe:2.3:h:paloaltonetworks:pa-3220:-:::::::*
9	cpe:2.3:h:paloaltonetworks:pa-3250:-:::::::*
10	cpe:2.3:h:paloaltonetworks:pa-3260:-:::::::*
11	cpe:2.3:h:paloaltonetworks:pa-500:-:::::::*
12	cpe:2.3:h:paloaltonetworks:pa-5200:-:::::::*
13	cpe:2.3:h:paloaltonetworks:pa-800:-:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	https://security.paloaltonetworks.com/CVE-2021-3031		Vendor Advisory
2	https://security.paloaltonetworks.com/CVE-2021-3031		Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-212	保存または転送前の重要な情報の不適切な削除	https://cwe.mitre.org/data/definitions/212.html