securityadvisories.paloaltonetworks.com
Open in
urlscan Pro
34.71.120.0
Public Scan
URL:
https://securityadvisories.paloaltonetworks.com/CVE-2024-3384
Submission: On April 16 via api from IN — Scanned from DE
Submission: On April 16 via api from IN — Scanned from DE
Form analysis 0 forms found in the DOM
Text Content
* Get support * Security advisories * Report vulnerabilities * Subscribe * RSS feed Palo Alto Networks Security Advisories / CVE-2024-3384 CVE-2024-3384 PAN-OS: FIREWALL DENIAL OF SERVICE (DOS) VIA MALFORMED NTLM PACKETS 047910 Severity 8.2 · HIGH Urgency MODERATE Response Effort MODERATE Recovery USER Value Density DIFFUSE Attack Vector NETWORK Attack Complexity LOW Attack Requirements PRESENT Automatable NO User Interaction NONE Product Confidentiality NONE Product Integrity NONE Product Availability HIGH Privileges Required NONE Subsequent Confidentiality NONE Subsequent Integrity NONE Subsequent Availability NONE NVD JSON Published 2024-04-10 Updated 2024-04-10 Reference PAN-198992 Discovered externally DESCRIPTION A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. PRODUCT STATUS VersionsAffectedUnaffectedCloud NGFW NoneAllPAN-OS 11.1NoneAllPAN-OS 11.0NoneAllPAN-OS 10.2NoneAllPAN-OS 10.1NoneAllPAN-OS 10.0< 10.0.12>= 10.0.12PAN-OS 9.1< 9.1.15-h1>= 9.1.15-h1PAN-OS 9.0< 9.0.17>= 9.0.17PAN-OS 8.1< 8.1.24>= 8.1.24Prisma Access NoneAll REQUIRED CONFIGURATION FOR EXPOSURE This issue affects only PAN-OS configurations with NTLM authentication enabled. You should verify whether NTLM authentication is enabled by checking your firewall web interface (Device > User Identification > User Mapping > Palo Alto Networks User-ID Agent Setup > NTLM). SEVERITY: HIGH CVSSv4.0 Base Score: 8.2 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber) EXPLOITATION STATUS Palo Alto Networks is not aware of any malicious exploitation of this issue. WEAKNESS TYPE CWE-1286 Improper Validation of Syntactic Correctness of Input SOLUTION This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15-h1, PAN-OS 10.0.12, and all later PAN-OS versions. ACKNOWLEDGMENTS Palo Alto Networks thanks rqu for discovering and reporting this issue. TIMELINE 2024-04-10 Initial publication Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure Policy Report vulnerabilitiesManage subscriptions © 2024 Palo Alto Networks, Inc. All rights reserved.