漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
PAN-OS: Configuration secrets for log forwarding may be logged in system logs
Vulnerability Description
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of the configuration including the username and password in an encrypted form and private keys used in any certificate profiles set for log forwarding server profiles. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
Palo Alto Networks PAN-OS 日志信息泄露漏洞
Vulnerability Description
Palo Alto Networks PAN-OS是美国Palo Alto Networks公司的一套为其防火墙设备开发的操作系统。 Palo Alto Networks PAN-OS 存在日志信息泄露漏洞,该漏洞源于程序中的http、电子邮件和snmptrap v3日志转发服务器配置文件的配置秘密可以记录到logrcvr.log系统日志中。记录的信息可能包括多达1024字节的配置,包括加密形式的用户名和密码,以及在为日志转发服务器配置文件设置的任何证书配置文件中使用的私钥。以下设备或型号存在漏洞:PAN
CVSS Information
N/A
Vulnerability Type
N/A