CVE-2024-3393
Published 2024-12-27
Priority: P1 · 79 · high · 7.5 (CVSS 3.1)
CVSS 3.1 vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
Tags: KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, remediation due 2025-01-20
Exploited in the wild
EPSS: 26.64% (97.8th percentile)
A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.1.14 < 10.1.14-h8 | 10.1.14-h8 |
| palo_alto_networks | pan-os | >= 10.2.8 < 10.2.8-h19 | 10.2.8-h19 |
| palo_alto_networks | pan-os | >= 11.1.0 < 11.1.2-h16 | 11.1.2-h16 |
| palo_alto_networks | pan-os | >= 11.2.0 < 11.2.3 | 11.2.3 |
| paloaltonetworks | pan-os | 11.1.0 – 11.1.1 | — |
| paloaltonetworks | pan-os | >= 11.2.0 < 11.2.3 | 11.2.3 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
Note: the CPE-derived ranges above are narrow (they start at the maintenance release that received a hotfix). The vendor solution quoted on this page states that the fix is in PAN-OS 10.1.15, 10.2.14, 11.1.5, 11.2.3 and all later versions, so treat any earlier release on those branches that does not carry one of the listed hotfixes as affected, and PAN-OS 11.0 as affected with no fix available.
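The table and the vendor solution together define a version check with one awkward edge case: a PAN-OS release string such as `10.2.10-h12` is fixed while `10.2.10-h11` and the bare `10.2.10` are not, yet `10.2.14` is fixed without any hotfix suffix. The following script is an added example written for this page, not code from Palo Alto Networks or from the page's sources. It encodes only the fixed releases quoted on this page (the mainline fixes 10.1.15, 10.2.14, 11.1.5, 11.2.3 and the hotfixes 10.1.14-h8, 10.2.8-h19, 10.2.10-h12, 11.1.2-h16); the complete hotfix list must be loaded from the vendor advisory before using it against a real inventory, and any branch absent from the table is reported as unknown rather than safe. The device inventory at the bottom is constructed.

```python
"""Classify PAN-OS version strings against the CVE-2024-3393 fixed releases named on this page."""
import re
from typing import NamedTuple


class PanOsVersion(NamedTuple):
    major: int
    minor: int
    maint: int
    hotfix: int  # 0 when the release carries no -hN suffix


_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text: str) -> PanOsVersion:
    """Parse '10.2.10-h12' into (10, 2, 10, 12); tuple order makes a hotfix sort after its base release."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return PanOsVersion(int(major), int(minor), int(maint), int(hotfix or 0))


# Per branch: the first mainline release that carries the fix, plus the hotfixes that
# back-port it to earlier maintenance releases ({maintenance number: required hotfix}).
# Only the releases quoted on this page are included (assumption: the list is incomplete);
# load the full list from the vendor advisory before relying on this in production.
FIXED = {
    (10, 1): (parse_version("10.1.15"), {14: 8}),
    (10, 2): (parse_version("10.2.14"), {8: 19, 10: 12}),
    (11, 1): (parse_version("11.1.5"), {2: 16}),
    (11, 2): (parse_version("11.2.3"), {}),
}
EOL_NO_FIX = {(11, 0)}  # end of life 2024-11-17; no patch will be released for this branch


def assess(version_text: str, dns_security_logging: bool = True) -> str:
    """Return a one-line verdict for a device running version_text.

    dns_security_logging reflects the page's exposure condition: vulnerable code that never
    logs DNS Security events is not reachable by the malicious packet.
    """
    v = parse_version(version_text)
    branch = (v.major, v.minor)
    if branch in EOL_NO_FIX:
        return "vulnerable: EOL branch with no fix, upgrade required"
    if branch not in FIXED:
        return "unknown: branch not covered by the listed ranges"
    mainline_fix, hotfixes = FIXED[branch]
    if v >= mainline_fix:  # tuple comparison: the mainline fix and everything after it on the branch
        return "fixed"
    required = hotfixes.get(v.maint)
    if required is not None and v.hotfix >= required:
        return "fixed: maintenance-release hotfix"
    if not dns_security_logging:
        return "vulnerable code, not exposed: DNS Security logging disabled"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed inventory for illustration, not real devices.
    inventory = {
        "fw-edge-01": "10.2.10-h11",
        "fw-edge-02": "10.2.10-h12",
        "fw-dc-01": "11.1.4",
        "fw-lab": "11.0.4",
        "fw-old": "10.0.12",
    }
    for name, ver in inventory.items():
        print(f"{name:10} {ver:12} {assess(ver)}")
```

The hotfix number is carried as a fourth tuple element so that ordinary tuple comparison handles `10.2.14-h1 >= 10.2.14`; the hotfix dictionary exists only because a back-ported fix on `10.2.10-h12` says nothing about `10.2.11`, which must still be compared against its own entry.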
Detection & IOCs (extracted from sources)
- CVE-2024-3393 is only exploitable on devices where DNS Security logging is enabled; devices without the feature configured are not exposed. Confirm DNS Security logging is active before triaging alerts.
- Exploitation is confirmed active in the wild; customers experienced outages when their firewall blocked malicious DNS packets sent by attackers leveraging the issue.
- Repeated exploitation causes the firewall to enter maintenance mode, from which manual intervention is required to recover. An unexpected maintenance-mode event on a PAN-OS device should be treated as a potential exploitation indicator.
- Affected platforms include PA-Series, VM-Series and CN-Series firewalls as well as Prisma Access; scope detection and monitoring to every form factor, not only hardware appliances.
- The attack vector is the data plane, not the management plane: malicious packets arrive on normal traffic interfaces, so restricting management-interface access does not reduce exposure. Monitor data-plane DNS traffic and correlate it with dataplane process crashes or reboots.
- Workaround signal for configuration auditing: if DNS Security Log Severity is set to "none" across all Anti-spyware profiles in an environment that previously had it configured, an operator has probably applied the CVE-2024-3393 mitigation. The setting must be reverted once fixed software is installed, otherwise DNS Security events stay unlogged.
- The flaw is in the parsing and logging of malicious DNS packets in the DNS Security feature, so focus packet inspection on DNS traffic reaching affected PAN-OS devices with DNS Security logging enabled.
- PAN-OS 11.0 is end of life (EOL since November 17, 2024) and will not receive a patch for this CVE; devices on 11.0 must be upgraded to a supported version.
- Fixed versions reported by the sources are PAN-OS 10.1.14-h8, 10.2.10-h12, 11.1.5 and 11.2.3; the vendor solution lists PAN-OS 10.1.15, 10.2.14, 11.1.5, 11.2.3 and all later releases, with hotfixes for some earlier maintenance releases (see the affected table). Devices not on a fixed release remain vulnerable.
- Prisma Access customers using DNS Security with affected PAN-OS versions must apply the workaround or open a support case for an expedited upgrade; most cloud-based instances have already been patched.
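The exposure condition and the workaround signal above both come down to one setting: the Log Severity of each DNS Security category inside an Anti-spyware profile. The script below is an added example for this page, not Palo Alto Networks code and not part of any source quoted here. It parses an exported PAN-OS configuration, lists every category whose severity is anything but "none" (the exposed state), classifies each profile as exposed, mitigated or without DNS Security, and prints the CLI lines for the workaround together with the matching revert lines. The XML layout `profiles/spyware/entry/botnet-domains/dns-security-categories/entry/log-level`, the assumption that a missing `log-level` means the logging default, and the `set profiles spyware ...` command syntax are assumptions to verify on a lab device; the configuration excerpt is constructed.

```python
"""Audit an exported PAN-OS configuration for the CVE-2024-3393 exposure condition
(DNS Security logging enabled in an Anti-spyware profile) and emit the workaround."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed running-config excerpt; the element layout is an assumption, not a vendor schema.
SAMPLE_CONFIG = """<config>
  <devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
    <profiles><spyware>
      <entry name="strict-dns">
        <botnet-domains><dns-security-categories>
          <entry name="pan-dns-sec-malware"><log-level>default</log-level><action>sinkhole</action></entry>
          <entry name="pan-dns-sec-cc"><log-level>high</log-level><action>block</action></entry>
          <entry name="pan-dns-sec-grayware"><log-level>none</log-level><action>allow</action></entry>
          <entry name="pan-dns-sec-phishing"><action>sinkhole</action></entry>
        </dns-security-categories></botnet-domains>
      </entry>
      <entry name="already-mitigated">
        <botnet-domains><dns-security-categories>
          <entry name="pan-dns-sec-malware"><log-level>none</log-level><action>sinkhole</action></entry>
        </dns-security-categories></botnet-domains>
      </entry>
      <entry name="no-dns-security"/>
    </spyware></profiles>
  </entry></vsys></entry></devices>
</config>"""


@dataclass(frozen=True)
class CategoryLogging:
    profile: str
    category: str
    log_level: str  # PAN-OS severity value; anything other than "none" produces DNS Security logs


def _category_levels(profile: ET.Element) -> list[tuple[str, str]]:
    """(category name, log level) for each DNS Security category in one Anti-spyware profile.
    A missing <log-level> is treated as "default", i.e. logging on (assumed PAN-OS behaviour)."""
    levels = []
    for cat in profile.iterfind("./botnet-domains/dns-security-categories/entry"):
        el = cat.find("log-level")
        level = (el.text or "").strip() if el is not None else "default"
        levels.append((cat.get("name", "?"), level))
    return levels


def dns_security_logging(config_xml: str) -> list[CategoryLogging]:
    """Every category that still logs, i.e. every place the malicious packet can reach the logging code."""
    root = ET.fromstring(config_xml)
    found = []
    for prof in root.iterfind(".//profiles/spyware/entry"):
        for category, level in _category_levels(prof):
            if level != "none":
                found.append(CategoryLogging(prof.get("name", "?"), category, level))
    return found


def classify_profiles(config_xml: str) -> dict[str, str]:
    """Per profile: "exposed", "mitigated" (every category at none) or "no-dns-security"."""
    root = ET.fromstring(config_xml)
    result = {}
    for prof in root.iterfind(".//profiles/spyware/entry"):
        levels = [level for _, level in _category_levels(prof)]
        if not levels:
            verdict = "no-dns-security"
        elif all(level == "none" for level in levels):
            verdict = "mitigated"
        else:
            verdict = "exposed"
        result[prof.get("name", "?")] = verdict
    return result


def _set_command(finding: CategoryLogging, level: str) -> str:
    # Configure-mode CLI syntax is assumed; confirm it on a lab device before scripting it.
    return (f"set profiles spyware {finding.profile} botnet-domains "
            f"dns-security-categories {finding.category} log-level {level}")


def workaround_commands(findings: list[CategoryLogging]) -> list[str]:
    """Set Log Severity to none for every logging category (the vendor workaround)."""
    return [_set_command(f, "none") for f in findings]


def revert_commands(findings: list[CategoryLogging]) -> list[str]:
    """Restore the original severities after fixed software is installed."""
    return [_set_command(f, f.log_level) for f in findings]


if __name__ == "__main__":
    for name, verdict in classify_profiles(SAMPLE_CONFIG).items():
        print(f"{name:20} {verdict}")
    findings = dns_security_logging(SAMPLE_CONFIG)
    print("\n# workaround\n" + "\n".join(workaround_commands(findings)))
    print("\n# revert after upgrade\n" + "\n".join(revert_commands(findings)))
```

Run it against `show config running` output saved from each device (or Panorama's exported configuration for managed firewalls). Keep the revert lines with the change ticket: the workaround silences DNS Security logging, and a fleet where every profile stays at "none" long after patching is the other half of the configuration signal described above.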
CVSS provenance
NVD v3.1: 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
NVD v4.0: 8.7 HIGH · CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber
VulnCheck: 8.7 HIGH
CISA: 8.7 HIGH
GHSA
GHSA-gm94-vr86-wgqv · ghsa_unreviewed · 2024-12-27 · CVE-2024-3393 [HIGH] · CWE-754
A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
VulnCheck
Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability
vulncheck · 2024 · CVSS 8.7 · CVE-2024-3393 [HIGH] · CWE-754
Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malicious DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
Affected: Palo Alto Networks PAN-OS
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://security.paloaltonetworks.com/CVE-2024-3393; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Exploit PoC: https://vulncheck.com/xdb/07151b94c337
Remediation Due: 2025-01-20
CISA
Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability
cisa · 2024-12-30 · CVSS 8.7 · CVE-2024-3393 [HIGH] · CWE-754
Affected: Palo Alto Networks PAN-OS
Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malicious DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://security.paloaltonetworks.com/CVE-2024-3393 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3393
Remediation Due Date: 2025-01-20
Palo Alto Networks
PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet
vendor_paloalto · CVSS 8.7 · CVE-2024-3393 [HIGH] · CWE-754
A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
This issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, CN-Series firewalls, and Prisma Access.
Affected products: Cloud NGFW, PAN-OS
Solution: This issue is fixed in PAN-OS 10.1.15, PAN-OS 10.2.14, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions.
Note: PAN-OS 11.0 reached the end of life (EOL) on November 17, 2024.
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Palo Alto Networks warns of DoS bug letting hackers disable firewalls
blogs_bleepingcomputer · 2026-01-15 · CVSS 6.6 · CVE-2026-0227 [MEDIUM]
## Palo Alto Networks warns of DoS bug letting hackers disable firewalls
By Sergiu Gatlan
Palo Alto Networks patched a high-severity vulnerability that could allow unauthenticated attackers to disable firewall protections in denial-of-service (DoS) attacks.
Tracked as CVE-2026-0227, this security flaw affects next-generation firewalls (running PAN-OS 10.1 or later) and Palo Alto Networks' Prisma Access configurations when the GlobalProtect gateway or portal is enabled.
The cybersecurity company says that most cloud-based Prisma Access instances have already been patched, with those left to be secured already scheduled for an upgrade.
"A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated a
Checkpoint
30th December – Threat Intelligence Report
blogs_checkpoint · 2024-12-30 · CVSS 9.8 · CVE-2024-50623 [CRITICAL]
## 30th December – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 30th December, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
The Clop ransomware gang exploited a zero-day vulnerability (CVE-2024-50623) in Cleo’s Secure File Transfer products and is extorting 66 companies following alleged data theft. The attackers have given the victims 48 hours to initiate ransom negotiations before publicly disclosing their identities. This incident mirrors
Bleepingcomputer
Hackers exploit DoS flaw to disable Palo Alto Networks firewalls
blogs_bleepingcomputer · 2024-12-27 · CVSS 8.7 · CVE-2024-3393 [HIGH]
## Hackers exploit DoS flaw to disable Palo Alto Networks firewalls
By Bill Toulas
Palo Alto Networks is warning that hackers are exploiting the CVE-2024-3393 denial of service vulnerability to disable firewall protections by forcing it to reboot.
Leveraging the security issue repeatedly, however, causes the device to enter maintenance mode and manual intervention is required to restore it to normal operations.
"A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall," reads the advisory.
## DoS bug is actively exploited
Palo Alto Networks says that exploiting the vulnerability is possible by an unauthenticated att
Timeline
2024-12-27: Published
2024-12-30: Added to CISA KEV
Exploited in the wild