Source: The Hacker News
Author: The Hacker News
URL: https://thehackernews.com/2024/12/palo-alto-releases-patch-for-pan-os-dos.html
# ONE SENTENCE SUMMARY:
A critical vulnerability in Palo Alto Networks’ PAN-OS may cause a denial-of-service condition, affecting several software versions and requiring immediate updates.
# MAIN POINTS:
1. Vulnerability CVE-2024-3393 has a high severity score of 8.7.
2. Affects PAN-OS versions 10.X and 11.X, plus specific Prisma Access versions.
3. Allows unauthenticated attackers to trigger firewall reboots via malicious DNS packets.
4. Repeated attacks can put firewalls into maintenance mode.
5. Firewalls with DNS Security logging enabled are particularly vulnerable.
6. Severity drops to 7.1 if access is limited to authenticated users.
7. Several maintenance releases also address this vulnerability.
8. PAN-OS 11.0 has no fix due to reaching end-of-life status.
9. Workaround includes disabling DNS Security logging for unmanaged firewalls.
10. Users are advised to act promptly to upgrade their software.
# TAKEAWAYS:
1. Ensure all PAN-OS systems are updated to mitigate the vulnerability.
2. Review firewall configurations to identify exposure to the vulnerability.
3. Apply the workaround of disabling DNS Security logging if immediate updates cannot be performed.
4. Note that the severity score drops to 7.1 when access is limited to authenticated users.
5. Monitor communications from Palo Alto Networks for further updates.