CVE-2024-9472 — NULL Pointer Dereference in Palo Alto Networks Pan-os

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

8.7HIGHNVD

EPSS

0.3%

top 43.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Pan-os Paloalto Cloud Ngfw Paloalto Pan-os +1 more

Timeline

PublishedNov 14

Description

A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode. Palo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are n…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages4 packages

▶CVEListV5palo_alto_networks/pan-os11.2.2 — 11.2.2-h3+2

▶Palo Altopaloalto/cloud_ngfw

▶Palo Altopaloalto/prisma_access

▶Palo Altopaloalto/pan-os

🔴Vulnerability Details

GHSA

GHSA-4jjw-9p2j-2v46: A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platfor↗2024-11-14

▶

CVEList

PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Traffic↗2024-11-14

▶

📋Vendor Advisories

Palo Alto

PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Traffic↗

▶