CVE-2024-9468

Summary

A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCloud NGFWAllunaffected
Palo Alto NetworksPAN-OS11.2.0unaffected
Palo Alto NetworksPAN-OS11.1.0 < 11.1.3affected
Palo Alto NetworksPAN-OS11.0.0 < 11.0.4-h5affected
Palo Alto NetworksPAN-OS10.2.0 < 10.2.4-h24affected
Palo Alto NetworksPAN-OS10.1.0unaffected
Palo Alto NetworksPrisma AccessAllunaffected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write

Workarounds

Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 94971 (introduced in Applications and Threats content version 8854).

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References