Palo Alto Security Update – 29 December 2024

Palo Alto has released a security update to fix a vulnerability affecting Palo Alto PAN-OS software.

The vulnerability could allow a remote attacker to cause a denial of service by sending a malicious packet through the data plane of the firewall, which reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

PAN-OS Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet Vulnerability (CVE-2024-3393):

  • CVSS: 8.7
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Denial of Service

Note that Palo Alto Networks is aware of customers experiencing this denial of service (DoS) when their firewall blocks malicious DNS packets that trigger this issue.

Vulnerabilities

  • CVE-2024-3393

Mitigations

Enterprises should deploy this patch as soon as the testing phase is completed.

Palo Alto Security Advisory

References