Home

CVE-2021-3031

Description

Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.

Risk Information

Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.088

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities affected in pan-os 9.1.4NCM
Multiple Vulnerabilities affected in pan-os 8.1.16NCM
Multiple Vulnerabilities affected in pan-os 9.0.11NCM
Vulnerabilities CVE-2020-2035 ,CVE-2021-3031 ,CVE-2021-3032 ,CVE-2021-3036 ,CVE-2021-3037 are affected in pan-os 8.1.17NCM
Multiple Vulnerabilities affected in pan-os 9.0.4NCM
Multiple Vulnerabilities affected in pan-os 8.1.0NCM
Multiple Vulnerabilities affected in pan-os 9.1.3NCM
Multiple Vulnerabilities affected in pan-os 9.1.2NCM
Multiple Vulnerabilities affected in pan-os 9.1.1NCM
Multiple Vulnerabilities affected in pan-os 9.0.5NCM
Multiple Vulnerabilities affected in pan-os 9.0.2-h4NCM
Multiple Vulnerabilities affected in pan-os 9.0.2NCM
Multiple Vulnerabilities affected in pan-os 9.0.1NCM
Multiple Vulnerabilities affected in pan-os 8.1.14NCM
Multiple Vulnerabilities affected in pan-os 8.1.11NCM
Multiple Vulnerabilities affected in pan-os 8.1.6-h2NCM
Multiple Vulnerabilities affected in pan-os 8.1.6NCM
Multiple Vulnerabilities affected in pan-os 8.1.1NCM
Multiple Vulnerabilities affected in pan-os 8.1.13NCM
Multiple Vulnerabilities affected in pan-os 8.1.8-h4NCM
Multiple Vulnerabilities affected in pan-os 8.1.8NCM
Multiple Vulnerabilities affected in pan-os 8.1.7NCM
Multiple Vulnerabilities affected in pan-os 8.1.2NCM
Multiple Vulnerabilities affected in pan-os 9.0.3NCM
Multiple Vulnerabilities affected in pan-os 8.1.9NCM
Multiple Vulnerabilities affected in pan-os 8.1.8-h5NCM
Vulnerabilities CVE-2020-2050 ,CVE-2021-3031 ,CVE-2021-3032 ,CVE-2021-3036 ,CVE-2021-3037 are affected in pan-os 9.1.0NCM
Vulnerabilities CVE-2020-2050 ,CVE-2021-3031 ,CVE-2021-3032 ,CVE-2021-3036 ,CVE-2021-3037 are affected in pan-os 9.0.7NCM
Vulnerabilities CVE-2020-2050 ,CVE-2021-3031 ,CVE-2021-3032 ,CVE-2021-3036 ,CVE-2021-3037 are affected in pan-os 9.0.6NCM
Vulnerabilities CVE-2020-2050 ,CVE-2021-3031 ,CVE-2021-3032 ,CVE-2021-3036 ,CVE-2021-3037 are affected in pan-os 8.1.12NCM
Vulnerabilities CVE-2020-2050 ,CVE-2021-3031 ,CVE-2021-3032 ,CVE-2021-3036 ,CVE-2021-3037 are affected in pan-os 8.1.3NCM
Vulnerabilities CVE-2021-3031 ,CVE-2021-3032 ,CVE-2021-3036 ,CVE-2021-3037 are affected in pan-os 9.0.9NCM
Vulnerabilities CVE-2021-3031 ,CVE-2021-3032 ,CVE-2021-3036 ,CVE-2021-3037 are affected in pan-os 9.0.8NCM
Vulnerabilities CVE-2021-3031 ,CVE-2021-3032 ,CVE-2021-3036 ,CVE-2021-3037 are affected in pan-os 9.0.10NCM
Vulnerabilities CVE-2021-3031 ,CVE-2021-3032 ,CVE-2021-3036 ,CVE-2021-3037 are affected in pan-os 9.0.0NCM
Vulnerabilities CVE-2021-3031 ,CVE-2021-3032 ,CVE-2021-3036 ,CVE-2021-3037 are affected in pan-os 8.1.5NCM
Vulnerabilities CVE-2021-3031 ,CVE-2021-3032 ,CVE-2021-3036 ,CVE-2021-3037 are affected in pan-os 8.1.4-h2NCM
Vulnerabilities CVE-2021-3031 ,CVE-2021-3032 ,CVE-2021-3036 ,CVE-2021-3037 are affected in pan-os 8.1.4NCM
Vulnerabilities CVE-2021-3031 ,CVE-2021-3032 ,CVE-2021-3036 ,CVE-2021-3037 are affected in pan-os 8.1.15NCM
Vulnerabilities CVE-2021-3031 ,CVE-2021-3032 ,CVE-2021-3036 ,CVE-2021-3037 are affected in pan-os 8.1.10NCM
Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-3031)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234