CVE-2024-9472

EPSS 0.26%
Veröffentlicht 14.11.2024 10:15:09
Zuletzt bearbeitet 15.11.2024 13:58:08
Quelle psirt@paloaltonetworks.com
CVE-Watchlists
Login
Unerledigt
Login

A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.


Palo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected.


This issue only affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series running these specific versions of PAN-OS:

  *  10.2.7-h12
  *  10.2.8-h10
  *  10.2.9-h9
  *  10.2.9-h11
  *  10.2.10-h2
  *  10.2.10-h3
  *  10.2.11
  *  10.2.11-h1
  *  10.2.11-h2
  *  10.2.11-h3
  *  11.1.2-h9
  *  11.1.2-h12
  *  11.1.3-h2
  *  11.1.3-h4
  *  11.1.3-h6
  *  11.2.2
  *  11.2.2-h1

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerPalo Alto Networks

≫

Produkt Cloud NGFW

Default Statusunaffected

Version All

Status unaffected

HerstellerPalo Alto Networks

≫

Produkt PAN-OS

Default Statusunaffected

Version < 11.2.2-h3

Version 11.2.2

Status affected

Version < 11.1.2-h14

Version 11.1.2-h9

Status affected

Version 11.0.0

Status unaffected

Version < 10.2.7-h16

Version 10.2.7-h12

Status affected

Version 10.1.0

Status unaffected

HerstellerPalo Alto Networks

≫

Produkt Prisma Access

Default Statusunaffected

Version All

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.491

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@paloaltonetworks.com	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://security.paloaltonetworks.com/CVE-2024-9472

https://nvd.nist.gov/vuln/detail/CVE-2024-9472

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-9472

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-9472

EUVD