Description
A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
An attacker sends a malicious packet through the firewall, which processes a malicious packet that triggers this issue.
Prisma Access, when only providing access to authenticated end users, processes a malicious packet that triggers this issue.
CISA Known Exploited Vulnerability
Date added 2024-12-30 | Due date 2025-01-20
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Problem types
CWE-754 Improper Check for Unusual or Exceptional Conditions
Product status
All
11.2.0 (custom) before 11.2.3
11.1.0 (custom) before 11.1.2-h16
10.2.8 (custom) before 10.2.8-h19
10.1.14 (custom) before 10.1.14-h8
10.2.0 (custom) before 10.2.8
11.2.0 (custom) before 11.2.3
Timeline
2024-12-27: Initial publication
Credits
Palo Alto Networks thanks the CERT-EE team for their extra effort in providing invaluable forensic and analytic assistance.
References
www.cisa.gov/...nerabilities-catalog?field_cve=CVE-2024-3393
security.paloaltonetworks.com/CVE-2024-3393