CVE-2024-3385
Published 2024-04-10
Priority: P3 (42) · high · CVSS 3.1: 7.5
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.90% (55.2th percentile)
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.
This affects the following hardware firewall models:
- PA-5400 Series firewalls
- PA-7000 Series firewalls
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.1.0 < 10.1.12 | 10.1.12 |
| palo_alto_networks | pan-os | >= 10.2.0 < 10.2.8 | 10.2.8 |
| palo_alto_networks | pan-os | >= 11.0.0 < 11.0.3 | 11.0.3 |
| palo_alto_networks | pan-os | >= 9.0.0 < 9.0.17-h4 | 9.0.17-h4 |
| palo_alto_networks | pan-os | >= 9.1.0 < 9.1.17 | 9.1.17 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | >= 10.1.0 < 10.1.12 | 10.1.12 |
| paloaltonetworks | pan-os | >= 10.2.0 < 10.2.8 | 10.2.8 |
| paloaltonetworks | pan-os | >= 11.0.0 < 11.0.3 | 11.0.3 |
| paloaltonetworks | pan-os | 9.0.0 – 9.0.16 | — |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.17 | 9.1.17 |
GHSA
GHSA-8x2m-vwxp-r65j: A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls
ghsa_unreviewed·2024-04-10
CVE-2024-3385 [HIGH] CWE-20 GHSA-8x2m-vwxp-r65j: A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls
Palo Alto
PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled
vendor_paloalto·2024-04-10·CVSS 7.5
CVE-2024-3385 [HIGH] CWE-20 PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.12, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions.
Workaround: Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 94993 (introduced in App
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.