⚠ Actively exploited
Added to CISA KEV on 2024-12-30. Federal agencies are required to patch by 2025-01-20. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CVE-2024-3393 — Improper Check for Unusual or Exceptional Conditions in Palo Alto Networks PAN-OS
Severity
8.7 HIGH (NVD)
EPSS
77.7%
top 1.00%
CISA KEV
Added 2024-12-30
Due 2025-01-20
Exploit
Exploited in wild
Active exploitation observed
Timeline
Published: Dec 27
KEV added: Dec 30
KEV due: Jan 20
Description
A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L