Palo Alto Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet (CVE-2024-3393)
CVE number: CVE-2024-3393
A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
This issue is applicable to specified PAN-OS software versions listed here, VM-Series firewalls, CN-Series firewalls, and Prisma Access.
This issue does not affect Cloud NGFW, Panorama M-Series, or Panorama virtual appliances.
Both of the following must be true for PAN-OS software to be affected:
- Either a DNS Security License or an Advanced DNS Security License must be applied, AND
- DNS Security logging must be enabled.
This issue is fixed in PAN-OS 10.1.15, PAN-OS 10.2.14, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions.
Further information is available at https://security.paloaltonetworks.com/CVE-2024-3393
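The affected conditions and fixed releases above can be turned into an inventory triage check. The following is an added example, not code from Palo Alto Networks or from this site; the device names, inventory fields and status labels are hypothetical, and any release train or hotfix build the text above does not list is deferred to the vendor advisory.

```python
import re

# Fixed maintenance release per release train, as listed in the advisory text above.
FIXED = {(10, 1): 15, (10, 2): 14, (11, 1): 5, (11, 2): 3}

def parse_version(text):
    """Parse '10.2.13' or '10.2.13-h1' into (major, minor, maintenance, is_hotfix)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(-h\d+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return int(m[1]), int(m[2]), int(m[3]), m[4] is not None

def triage(version, dns_license, dns_logging):
    """Return 'fixed', 'not-affected', 'upgrade' or 'check-advisory' for one firewall."""
    major, minor, maint, hotfix = parse_version(version)
    train = (major, minor)
    if (train in FIXED and maint >= FIXED[train]) or train > max(FIXED):
        return "fixed"            # a named fixed release or any later version
    if not (dns_license and dns_logging):
        return "not-affected"     # both preconditions must hold to be affected
    if train not in FIXED or hotfix:
        # Assumption: trains and hotfix builds not listed on this page are
        # deferred to the vendor advisory rather than guessed at.
        return "check-advisory"
    return "upgrade"

# Constructed inventory (hypothetical device names and settings).
INVENTORY = [
    {"name": "fw-edge-01", "version": "10.2.13", "dns_license": True, "dns_logging": True},
    {"name": "fw-edge-02", "version": "10.2.14", "dns_license": True, "dns_logging": True},
    {"name": "fw-dc-01", "version": "11.1.4-h2", "dns_license": True, "dns_logging": True},
    {"name": "fw-dc-02", "version": "11.2.2", "dns_license": True, "dns_logging": False},
    {"name": "fw-lab-01", "version": "11.0.4", "dns_license": True, "dns_logging": True},
]

def triage_inventory(devices):
    """Map each device name to its triage status."""
    return {d["name"]: triage(d["version"], d["dns_license"], d["dns_logging"])
            for d in devices}

if __name__ == "__main__":
    for name, status in triage_inventory(INVENTORY).items():
        print(f"{name}: {status}")
```

Devices reported as `not-affected` only stay that way while DNS Security logging remains disabled, so they still belong on the upgrade list.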
I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional with an interest in computer security and telecoms.