Palo Alto Networks Firewalls Targeted by Hackers Exploiting DoS Flaw

December 27, 2024

Palo Alto Networks has alerted its users about hackers taking advantage of a denial of service (DoS) vulnerability, identified as CVE-2024-3393, to disable its firewall protections. This flaw triggers the firewall to reboot, and if the security issue is leveraged repeatedly, the device is forced into maintenance mode. Manual intervention is then required to restore it to normal operations.

The company's advisory states, "A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall." An unauthenticated attacker can exploit the vulnerability by sending a specially crafted, malicious packet to an affected device. The issue only affects devices where 'DNS Security' logging is enabled.

The company has listed the product versions affected by CVE-2024-3393 and confirmed that the flaw is being actively exploited. Customers have experienced outages when their firewall blocked malicious DNS packets from attackers leveraging the issue.

The company has addressed the flaw in several PAN-OS versions, but noted that PAN-OS 11.0, which is impacted by CVE-2024-3393, will not receive a patch because that version reached its end-of-life (EOL) date on November 17.

Palo Alto Networks has also published workarounds and steps to mitigate the problem for those who cannot immediately update their systems. These guidelines are applicable to unmanaged NGFWs, NGFWs managed by Panorama, or Prisma Access Managed by Panorama, as well as NGFWs and Prisma Access managed by Strata Cloud Manager (SCM).
