Palo Alto Networks PAN-OS: Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS (CVE-2024-3393)

CVE

This CVE describes a denial-of-service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS that can be triggered by an unauthenticated attacker. By sending a carefully crafted packet through the data plane, the attacker can force the firewall to reboot. Repeated attempts cause the firewall to enter maintenance mode, ultimately disrupting service. The issue impacts several PAN-OS versions, including those less than 11.2.3, 11.1.2-h16, 10.2.8-h19, and 10.1.14-h8. Since no specific tools are required and exploitation details are forthcoming, any user running affected versions is potentially vulnerable.

Remediation and exploitation details

This chain involves the following actors

The following systems are involved

Attack entry point

Remediation actions

Exploitation actions

CVE database technical details

CVE ID
CVE-2024-3393
Description
A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
Provider
palo_alto
CWE / problem types
CWE-754 Improper Check for Unusual or Exceptional Conditions
Affected Software Versions
Palo Alto Networks Cloud NGFW:
  All versions: unaffected
Palo Alto Networks PAN-OS:
  11.2.0 up to (but not including) 11.2.3: affected; unaffected at 11.2.3
  11.1.0 up to (but not including) 11.1.2-h16: affected; unaffected at 11.1.2-h16, 11.1.3-h13, 11.1.4-h7, 11.1.5
  10.2.8 up to (but not including) 10.2.8-h19: affected; unaffected at 10.2.8-h19, 10.2.9-h19, 10.2.10-h12, 10.2.11-h10, 10.2.12-h4, 10.2.13-h2, 10.2.14
  10.1.14 up to (but not including) 10.1.14-h8: affected; unaffected at 10.1.14-h8, 10.1.15
Palo Alto Networks PAN-OS (second entry in the record):
  10.2.0 up to (but not including) 10.2.8: unaffected; affected at 10.2.8; unaffected at 10.2.9-h19, 10.2.10-h12
  11.2.0 up to (but not including) 11.2.3: affected; unaffected at 11.2.3
Date Published
2024-12-27T09:44:24.538Z
Last Updated
2024-12-30T17:20:22.893Z