CVE-2024-2550

Summary

A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCloud NGFWAllunaffected
Palo Alto NetworksPAN-OS11.2.0unaffected
Palo Alto NetworksPAN-OS11.1.0 < 11.1.5affected
Palo Alto NetworksPAN-OS11.0.0 < 11.0.6affected
Palo Alto NetworksPAN-OS10.2.0 < 10.2.11affected
Palo Alto NetworksPAN-OS10.1.0unaffected
Palo Alto NetworksPrisma AccessAllunaffected

Weaknesses

  • CWE-476: CWE-476 NULL Pointer Dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References