PT-2020-15268 · Palo Alto Networks · Pan-Os

Published

2020-09-09

·

Updated

2020-09-15

·

CVE-2020-2043

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Palo Alto Networks PAN-OS versions earlier than 8.1.16
Palo Alto Networks PAN-OS versions earlier than 9.0.10
Palo Alto Networks PAN-OS versions earlier than 9.1.4

Description

The issue is an information exposure through log file vulnerability in Palo Alto Networks PAN-OS software: sensitive fields are recorded in the configuration log without masking. This occurs when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple times in one log entry. The first instance of the sensitive field is masked, but subsequent instances are left in clear text.

Recommendations

For PAN-OS 8.1 versions earlier than 8.1.16, update to version 8.1.16 or later to resolve the issue.
For PAN-OS 9.0 versions earlier than 9.0.10, update to version 9.0.10 or later to resolve the issue.
For PAN-OS 9.1 versions earlier than 9.1.4, update to version 9.1.4 or later to resolve the issue.
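
The masking flaw in the description, shown as an added example that is not PAN-OS code and not part of the original advisory: a masker that stops after the first match, the corrected form, and an audit helper that flags log entries still carrying a clear-text sensitive value. The key="value" syntax, the field names, the asterisk mask and the sample entry are assumptions constructed for illustration.

```python
import re

# Assumptions (not from the advisory): sensitive fields look like key="value"
# and a masked value is rendered as asterisks. Real PAN-OS syntax may differ.
SENSITIVE_KEYS = ("password", "secret")  # hypothetical field names
MASK = "********"
_FIELD = re.compile(r'\b(%s)="([^"]*)"' % "|".join(SENSITIVE_KEYS))

# Constructed sample: one log entry in which the sensitive field appears twice.
SAMPLE_ENTRY = ('after-change-detail: user admin { password="Example-Pass-1"; } '
                'user backup { password="Example-Pass-2"; }')


def _masked(match):
    """Rebuild the field with its value replaced by the mask."""
    return '%s="%s"' % (match.group(1), MASK)


def mask_first_only(entry):
    """Flawed masking: count=1 stops after the first sensitive field."""
    return _FIELD.sub(_masked, entry, count=1)


def mask_all(entry):
    """Corrected masking: every occurrence of a sensitive field is replaced."""
    return _FIELD.sub(_masked, entry)


def unmasked_fields(entry):
    """Return names of sensitive fields whose value is still in clear text."""
    return [m.group(1) for m in _FIELD.finditer(entry)
            if set(m.group(2)) - {"*"}]


def audit(lines):
    """Yield (line_number, field_names) for entries that leak a value."""
    for number, line in enumerate(lines, start=1):
        leaked = unmasked_fields(line)
        if leaked:
            yield number, leaked


if __name__ == "__main__":
    for hit in audit([mask_all(SAMPLE_ENTRY), mask_first_only(SAMPLE_ENTRY)]):
        print(hit)
```

Run against configuration log lines already forwarded to a syslog collector, a helper like audit() shows which stored entries still hold a clear-text value after the upgrade.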

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2020-2043

Affected Products

Pan-Os