CVE-2024-3384
published 2024-04-10CVE-2024-3384: A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager…
PriorityP340high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.89%
54.7th percentile
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.0.0 < 10.0.12 | 10.0.12 |
| palo_alto_networks | pan-os | >= 8.1.0 < 8.1.24 | 8.1.24 |
| palo_alto_networks | pan-os | >= 9.0.0 < 9.0.17 | 9.0.17 |
| palo_alto_networks | pan-os | >= 9.1.0 < 9.1.15-h1 | 9.1.15-h1 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | >= 10.0.0 < 10.0.12 | 10.0.12 |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.24 | 8.1.24 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.0.17 | 9.0.17 |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.15 | 9.1.15 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hwc4-2rmw-hcvq: A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN M
ghsa_unreviewed·2024-04-10
CVE-2024-3384 [HIGH] CWE-1286 GHSA-hwc4-2rmw-hcvq: A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN M
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.
Palo Alto
PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets
vendor_paloalto·2024-04-10·CVSS 7.5
CVE-2024-3384 [HIGH] CWE-1286 PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets
PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15-h1, PAN-OS 10.0.12, and all later PAN-OS versions.
No detection rules found.
No public exploits indexed.
2024-04-10
Published