securityadvisories.paloaltonetworks.com
Open in
urlscan Pro
34.71.120.0
Public Scan
URL:
https://securityadvisories.paloaltonetworks.com/CVE-2024-3385
Submission: On April 16 via api from IN — Scanned from DE
Submission: On April 16 via api from IN — Scanned from DE
Form analysis
0 forms found in the DOMText Content
* Get support * Security advisories * Report vulnerabilities * Subscribe * RSS feed Palo Alto Networks Security Advisories / CVE-2024-3385 CVE-2024-3385 PAN-OS: FIREWALL DENIAL OF SERVICE (DOS) WHEN GTP SECURITY IS DISABLED 047910 Severity 8.2 · HIGH Urgency MODERATE Response Effort LOW Recovery USER Value Density DIFFUSE Attack Vector NETWORK Attack Complexity LOW Attack Requirements PRESENT Automatable YES User Interaction NONE Product Confidentiality NONE Product Integrity NONE Product Availability HIGH Privileges Required NONE Subsequent Confidentiality NONE Subsequent Integrity NONE Subsequent Availability NONE NVD JSON Published 2024-04-10 Updated 2024-04-10 Reference PAN-221224 Discovered externally DESCRIPTION A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: - PA-5400 Series firewalls - PA-7000 Series firewalls PRODUCT STATUS VersionsAffectedUnaffectedCloud NGFW NoneAllPAN-OS 11.1NoneAllPAN-OS 11.0< 11.0.3>= 11.0.3PAN-OS 10.2< 10.2.8>= 10.2.8PAN-OS 10.1< 10.1.12>= 10.1.12PAN-OS 9.1< 9.1.17>= 9.1.17PAN-OS 9.0< 9.0.17-h4>= 9.0.17-h4Prisma Access NoneAll REQUIRED CONFIGURATION FOR EXPOSURE This does not affect VM-Series firewalls, CN-Series firewalls, Cloud NGFWs, or Prisma Access. This issue affects only PAN-OS configurations with GTP Security disabled; it does not affect PAN-OS configurations that have GTP Security enabled. You should verify whether GTP Security is disabled by checking your firewall web interface (Device > Setup > Management > General Settings) and take the appropriate actions as needed. SEVERITY: HIGH CVSSv4.0 Base Score: 8.2 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Amber) EXPLOITATION STATUS Palo Alto Networks is not aware of any malicious exploitation of this issue. This was encountered by two customers in normal production usage. WEAKNESS TYPE CWE-20 Improper Input Validation CWE-476: NULL Pointer Dereference SOLUTION This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.12, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions. WORKAROUNDS AND MITIGATIONS Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 94993 (introduced in Applications and Threats content version 8832). ACKNOWLEDGMENTS Palo Alto Networks thanks an external reporter for discovering and reporting this issue. TIMELINE 2024-04-10 Initial publication Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure Policy Report vulnerabilitiesManage subscriptions © 2024 Palo Alto Networks, Inc. All rights reserved.