CVE-2020-2043 : Security Advisory and Response
Learn about CVE-2020-2043, an information exposure vulnerability in Palo Alto Networks PAN-OS software. Find out the impacted versions, exploitation mechanism, and mitigation steps.
An information exposure vulnerability in Palo Alto Networks PAN-OS software.
Understanding CVE-2020-2043
What is CVE-2020-2043?
This CVE involves an information exposure through log files vulnerability in PAN-OS software.
The Impact of CVE-2020-2043
- Vulnerability allows sensitive fields to be logged in clear text in configuration logs.
- Affected versions: PAN-OS 8.1, 9.0, and 9.1.
Technical Details of CVE-2020-2043
Vulnerability Description
- Sensitive fields are recorded without masking in configuration logs.
- First instance of the field is masked, subsequent instances are in clear text.
Affected Systems and Versions
- PAN-OS 8.1 versions < 8.1.16
- PAN-OS 9.0 versions < 9.0.10
- PAN-OS 9.1 versions < 9.1.4
Exploitation Mechanism
- Requires enabling the after-change-detail custom syslog field for config logs.
Mitigation and Prevention
Immediate Steps to Take
- Review and follow best practices for securing PAN-OS management interface.
Long-Term Security Practices
- Regularly update PAN-OS to fixed versions.
- Monitor and restrict access to log files.
Patching and Updates
- Issue fixed in PAN-OS 8.1.16, 9.0.10, 9.1.4, and later versions.