CVE-2021-3031 PAN-OS: Information exposure in Ethernet data frame construction (Etherleak) Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. https://security.paloaltonetworks.com/CVE-2021-3031 Workarounds and Mitigations There is no workaround to prevent the information leak in the Ethernet packets; however, restricting access to the networks mitigates the risk of this issue. This issue fixed in latest software versions , but we need some workaround. Can we restrict data plane interface access of NGFW as workaround for this security advisory.
... View more