CVE-2024-3385 — Improper Input Validation in Palo Alto Networks Pan-os

CWE-20 — Improper Input Validation CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

7.5HIGHNVD

EPSS

2.7%

top 14.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Pan-os Paloaltonetworks Pan-os Paloalto Cloud Ngfw +2 more

Timeline

PublishedApr 10

Description

A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: - PA-5400 Series firewalls - PA-7000 Series firewalls

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶NVDpaloaltonetworks/pan-os9.1.0 — 9.1.17+5

▶CVEListV5palo_alto_networks/pan-os9.0.0 — 9.0.17-h4+4

▶Palo Altopaloalto/pan-os

▶Palo Altopaloalto/cloud_ngfw

▶Palo Altopaloalto/prisma_access

🔴Vulnerability Details

CVEList

PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled↗2024-04-10

▶

GHSA

GHSA-8x2m-vwxp-r65j: A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls↗2024-04-10

▶

📋Vendor Advisories

Palo Alto

PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled↗2024-04-10

▶