Source: The Hacker News Author: info@thehackernews.com (The Hacker News) URL: https://thehackernews.com/2024/12/palo-alto-releases-patch-for-pan-os-dos.html

ONE SENTENCE SUMMARY: A high-severity vulnerability in Palo Alto Networks’ PAN-OS can cause a denial-of-service condition; it affects several software versions and requires immediate updates.

MAIN POINTS:
- CVE-2024-3393 is rated high severity, with a CVSS score of 8.7.
- Affects PAN-OS versions 10.X and 11.X, plus specific Prisma Access versions.
- Allows unauthenticated attackers to trigger firewall reboots via malicious DNS packets.
- Repeated attacks can put firewalls into maintenance mode.
- Firewalls with DNS Security logging enabled are particularly vulnerable.
- Severity drops to 7.1 if access is limited to authenticated users.
- Several maintenance releases also address this vulnerability.
- PAN-OS 11.0 has no fix because it has reached end-of-life status.
- Workarounds include disabling DNS Security logging for unmanaged firewalls.
- Users are advised to act promptly to upgrade their software.

TAKEAWAYS:
- Ensure all PAN-OS systems are updated to mitigate the vulnerability.
- Review firewall configurations to identify exposure to the vulnerability.
- Apply the available workarounds if immediate updates cannot be performed.
- Keep track of the severity reduction when restricting user access.
- Monitor communications from Palo Alto Networks for further updates.