8.7

CVE-2024-3393

Warning

A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

Data is provided by the National Vulnerability Database (NVD)
Paloaltonetworks Pan-os Version >= 11.1.0 <= 11.1.1
Paloaltonetworks Pan-os Version >= 11.2.0 < 11.2.3
Paloaltonetworks Pan-os Version 10.1.14 Update -
Paloaltonetworks Pan-os Version 10.1.14 Update h2
Paloaltonetworks Pan-os Version 10.1.14 Update h4
Paloaltonetworks Pan-os Version 10.1.14 Update h6
Paloaltonetworks Pan-os Version 10.2.8 Update -
Paloaltonetworks Pan-os Version 10.2.8 Update h10
Paloaltonetworks Pan-os Version 10.2.8 Update h13
Paloaltonetworks Pan-os Version 10.2.8 Update h15
Paloaltonetworks Pan-os Version 10.2.8 Update h18
Paloaltonetworks Pan-os Version 10.2.8 Update h3
Paloaltonetworks Pan-os Version 10.2.8 Update h4
Paloaltonetworks Pan-os Version 10.2.9 Update -
Paloaltonetworks Pan-os Version 10.2.9 Update h1
Paloaltonetworks Pan-os Version 10.2.9 Update h11
Paloaltonetworks Pan-os Version 10.2.9 Update h14
Paloaltonetworks Pan-os Version 10.2.9 Update h16
Paloaltonetworks Pan-os Version 10.2.9 Update h18
Paloaltonetworks Pan-os Version 10.2.9 Update h9
Paloaltonetworks Pan-os Version 10.2.10 Update -
Paloaltonetworks Pan-os Version 10.2.10 Update h10
Paloaltonetworks Pan-os Version 10.2.10 Update h2
Paloaltonetworks Pan-os Version 10.2.10 Update h3
Paloaltonetworks Pan-os Version 10.2.10 Update h4
Paloaltonetworks Pan-os Version 10.2.10 Update h5
Paloaltonetworks Pan-os Version 10.2.10 Update h7
Paloaltonetworks Pan-os Version 10.2.10 Update h9
Paloaltonetworks Pan-os Version 10.2.11 Update -
Paloaltonetworks Pan-os Version 10.2.11 Update h1
Paloaltonetworks Pan-os Version 10.2.11 Update h2
Paloaltonetworks Pan-os Version 10.2.11 Update h3
Paloaltonetworks Pan-os Version 10.2.11 Update h4
Paloaltonetworks Pan-os Version 10.2.11 Update h6
Paloaltonetworks Pan-os Version 10.2.11 Update h9
Paloaltonetworks Pan-os Version 10.2.12 Update -
Paloaltonetworks Pan-os Version 10.2.12 Update h1
Paloaltonetworks Pan-os Version 10.2.12 Update h2
Paloaltonetworks Pan-os Version 10.2.12 Update h3
Paloaltonetworks Pan-os Version 10.2.13 Update -
Paloaltonetworks Pan-os Version 10.2.13 Update h1
Paloaltonetworks Pan-os Version 11.1.2 Update -
Paloaltonetworks Pan-os Version 11.1.2 Update h1
Paloaltonetworks Pan-os Version 11.1.2 Update h12
Paloaltonetworks Pan-os Version 11.1.2 Update h14
Paloaltonetworks Pan-os Version 11.1.2 Update h15
Paloaltonetworks Pan-os Version 11.1.2 Update h3
Paloaltonetworks Pan-os Version 11.1.2 Update h4
Paloaltonetworks Pan-os Version 11.1.2 Update h9
Paloaltonetworks Pan-os Version 11.1.3 Update -
Paloaltonetworks Pan-os Version 11.1.3 Update h1
Paloaltonetworks Pan-os Version 11.1.3 Update h10
Paloaltonetworks Pan-os Version 11.1.3 Update h11
Paloaltonetworks Pan-os Version 11.1.3 Update h2
Paloaltonetworks Pan-os Version 11.1.3 Update h4
Paloaltonetworks Pan-os Version 11.1.3 Update h6
Paloaltonetworks Pan-os Version 11.1.4 Update -
Paloaltonetworks Pan-os Version 11.1.4 Update h1
Paloaltonetworks Pan-os Version 11.1.4 Update h4
Paloaltonetworks Prisma Access Version -
   Paloaltonetworks Pan-os Version >= 10.2.11 < 11.2.3
   Paloaltonetworks Pan-os Version 10.2.8 Update -
   Paloaltonetworks Pan-os Version 10.2.8 Update h10
   Paloaltonetworks Pan-os Version 10.2.8 Update h13
   Paloaltonetworks Pan-os Version 10.2.8 Update h15
   Paloaltonetworks Pan-os Version 10.2.8 Update h18
   Paloaltonetworks Pan-os Version 10.2.8 Update h19
   Paloaltonetworks Pan-os Version 10.2.8 Update h3
   Paloaltonetworks Pan-os Version 10.2.8 Update h4
   Paloaltonetworks Pan-os Version 10.2.9 Update -
   Paloaltonetworks Pan-os Version 10.2.9 Update h1
   Paloaltonetworks Pan-os Version 10.2.9 Update h11
   Paloaltonetworks Pan-os Version 10.2.9 Update h14
   Paloaltonetworks Pan-os Version 10.2.9 Update h16
   Paloaltonetworks Pan-os Version 10.2.9 Update h18
   Paloaltonetworks Pan-os Version 10.2.9 Update h9
   Paloaltonetworks Pan-os Version 10.2.10 Update -
   Paloaltonetworks Pan-os Version 10.2.10 Update h10
   Paloaltonetworks Pan-os Version 10.2.10 Update h2
   Paloaltonetworks Pan-os Version 10.2.10 Update h3
   Paloaltonetworks Pan-os Version 10.2.10 Update h4
   Paloaltonetworks Pan-os Version 10.2.10 Update h5
   Paloaltonetworks Pan-os Version 10.2.10 Update h7
   Paloaltonetworks Pan-os Version 10.2.10 Update h9

30.12.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Vulnerability: Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability

Description: Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malicious DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

Required actions: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 64.73% | 0.984

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
psirt@paloaltonetworks.com | 8.7 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.