CVE-2024-3393 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability

Exploit added

December 30, 2024

Action due

January 20, 2025

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

References

https://security.paloaltonetworks.com/CVE-2024-3393

Weakness Enumeration

CWE-ID	CWE Name
CWE-754	Improper Check for Unusual or Exceptional Conditions

Known Affected Software Configurations

cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h9::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:8.1.24:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.17:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.18:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h5::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.15:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.15:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.17:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h5::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h8::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.13:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.16:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.19:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h7::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.2:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h5::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.2:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.12:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.11:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.3:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.1.3:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.0.9:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.0.5:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.0.9:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.0.5:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.0.3:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h7::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h6::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h1::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h5::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h3::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h5::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h2::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:-::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h4::::::
cpe:2.3:o:paloaltonetworks:pan-os:9.0.14:h3::::::

Details

Source:
NVD

Published:
December 27, 2024

Updated:
January 14, 2025

Risk information

CVSS v3

Base score:
7.5

Severity:

HIGH

Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2

Not defined