CVE-2024-3393
PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet
In short
A flaw in the DNS Security feature of Palo Alto Networks PAN-OS allows an attacker to reboot the firewall by sending a specially crafted packet; repeated attempts force the firewall into maintenance mode.
Technical detail
An unauthenticated attacker can exploit a denial of service vulnerability in the PAN-OS DNS Security feature by sending a malicious packet through the firewall's data plane, triggering an uncontrolled reboot condition. Repeated exploitation forces the device into maintenance mode, rendering it unavailable.
Summary generated and translated by AI from the official description.
A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:N/R:U/V:C/RE:M/U:Amber