PT-2020-15269 · Palo Alto Networks · Pan-Os

Yamata Li · Published 2020-09-09 · Updated 2020-09-15 · CVE-2020-2044

CVSS v2.0: 4.0 Medium

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Palo Alto Networks PAN-OS versions prior to 8.1.16

Palo Alto Networks PAN-OS versions 9.0 prior to 9.0.10

Palo Alto Networks PAN-OS versions 9.1 prior to 9.1.3

Description

An information exposure through log file vulnerability may occur where an administrator's password or other sensitive information is logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file, which tracks operational command usage, did not mask all sensitive information. This issue is resolved in PAN-OS 9.1 and later versions, where the opcmdhistory.log file is removed and command usage is recorded in the req_stats.log file instead.

Recommendations

For PAN-OS 8.1 versions earlier than 8.1.16, update to PAN-OS 8.1.16 or later.

For PAN-OS 9.0 versions earlier than 9.0.10, update to PAN-OS 9.0.10 or later.

For PAN-OS 9.1 versions earlier than 9.1.3, update to PAN-OS 9.1.3 or later.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2020-2044

Affected Products

Pan-Os