CVE-2024-3385
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.
This affects the following hardware firewall models:
- PA-5400 Series firewalls
- PA-7000 Series firewalls
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Palo Alto Networks | PAN-OS | 9.0.0 < 9.0.17-h4 | affected |
| Palo Alto Networks | PAN-OS | 9.1.0 < 9.1.17 | affected |
| Palo Alto Networks | PAN-OS | 10.1.0 < 10.1.12 | affected |
| Palo Alto Networks | PAN-OS | 10.2.0 < 10.2.8 | affected |
| Palo Alto Networks | PAN-OS | 11.0.0 < 11.0.3 | affected |
| Palo Alto Networks | PAN-OS | 11.1.0 | unaffected |
| Palo Alto Networks | Cloud NGFW | All | unaffected |
| Palo Alto Networks | Prisma Access | All | unaffected |
Weaknesses
- CWE-20: CWE-20 Improper Input Validation
- CWE-476: CWE-476: NULL Pointer Dereference
Workarounds
Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 94993 (introduced in Applications and Threats content version 8832).
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.