Palo Alto Networks Firewall Vulnerability “CVE-2024-3393” Exploited in the Wild


Palo Alto Networks has disclosed a high-severity vulnerability, CVE-2024-3393, in its PAN-OS software that powers its next-generation firewalls.

The flaw allows unauthenticated attackers to exploit the DNS Security feature by sending specially crafted DNS packets, triggering a Denial of Service (DoS) condition. This vulnerability can cause affected firewalls to reboot and enter maintenance mode if exploited repeatedly.

The issue stems from improper handling of exceptional conditions within the DNS Security feature of PAN-OS. Attackers can send malicious packets through the firewall’s data plane, causing it to crash and reboot.

The flaw is rated CVSS 8.7 (High), indicating significant potential for disruption. Attack complexity is low, exploitation requires no user interaction or privileges, and the attack can be carried out remotely over a network.

Affected Versions

The vulnerability impacts multiple versions of PAN-OS:

  • PAN-OS 11.2: Affected versions are below 11.2.3.
  • PAN-OS 11.1: Affected versions are below 11.1.5.
  • PAN-OS 10.2: Versions below 10.2.8 are affected, with additional fixes in maintenance releases.
  • PAN-OS 10.1: Versions below 10.1.14 are affected.

Prisma Access customers using vulnerable PAN-OS versions are also at risk.

Palo Alto Networks has confirmed reports of exploitation in production environments, where attackers have successfully triggered DoS conditions by exploiting this vulnerability.

While the flaw does not compromise confidentiality or integrity, it significantly impacts availability, making it a critical concern for organizations relying on these firewalls for network security.

Palo Alto Networks has released patches to address the issue in the following versions:

  • PAN-OS 10.1.14-h8
  • PAN-OS 10.2.10-h12
  • PAN-OS 11.1.5
  • PAN-OS 11.2.3

Customers are strongly advised to upgrade to these versions or later to mitigate the risk.
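To triage a firewall inventory against the patched releases listed above, the following added example (not code from Palo Alto Networks or from this article) parses PAN-OS version strings, including the `-hN` hotfix suffix, and compares each device with the fixed release for its branch. It assumes the four listed releases are the minimum safe version per branch, so a hotfix on an earlier maintenance line is reported as `below-fix` and should be checked against the vendor advisory; the hostnames and sample versions are constructed.

```python
import re

# Fixed releases as listed in the article, keyed by (major, minor) branch.
# Assumption: each is treated as the minimum safe version for its branch.
FIXED = {
    (10, 1): "10.1.14-h8",
    (10, 2): "10.2.10-h12",
    (11, 1): "11.1.5",
    (11, 2): "11.2.3",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_version(text):
    """Return (major, minor, maintenance, hotfix) for strings like '10.2.10-h12'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = m.groups()
    # A release without a hotfix suffix sorts below any -hN of the same release.
    return int(major), int(minor), int(maint), int(hotfix or 0)

def triage(version):
    """Classify one version string against the article's fixed releases."""
    try:
        parsed = parse_version(version)
    except ValueError:
        return "unparsed"
    fixed = FIXED.get(parsed[:2])
    if fixed is None:
        return "branch-not-listed"  # the article gives no fix for this branch
    return "at-or-above-fix" if parsed >= parse_version(fixed) else "below-fix"

def triage_inventory(inventory):
    """Map each hostname to its triage result."""
    return {host: triage(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {
        "fw-edge-01": "10.2.10-h12",
        "fw-edge-02": "10.2.10-h3",
        "fw-dc-01": "11.1.4-h7",
        "fw-lab-01": "10.1.14",
        "fw-lab-02": "9.1.16",
    }
    for host, status in triage_inventory(sample).items():
        print(f"{host:12} {sample[host]:14} {status}")
```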

For those unable to apply fixes immediately, temporary workarounds include disabling DNS Security logging:

  1. Navigate to Objects → Security Profiles → Anti-spyware → DNS Policies.
  2. Set the “Log Severity” to “none” for all DNS Security categories.
  3. Commit changes and revert settings once fixes are applied.

Organizations using Palo Alto firewalls should:

  1. Apply patches immediately to secure their systems.
  2. Implement recommended workarounds if patching is not feasible.
  3. Monitor firewall behavior for unexpected reboots or maintenance mode occurrences.
  4. Regularly review security advisories and maintain up-to-date software versions.

This vulnerability highlights the critical importance of timely patch management and robust monitoring practices to safeguard network infrastructure against emerging threats.
