The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about an actively exploited vulnerability in Palo Alto Networks PAN-OS firewall software. This critical flaw, tracked as CVE-2024-3393, allows attackers to remotely disable firewall protections, potentially leaving networks exposed to further compromise.
The vulnerability, which resides in the DNS Security feature of PAN-OS, can be triggered by unauthenticated attackers sending malicious packets to affected devices. Successful exploitation forces the firewall to reboot, disrupting network security. Repeated attacks can even push the device into maintenance mode, requiring manual intervention to restore normal operations.
“A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall,” explains the advisory from Palo Alto Networks.
Palo Alto Networks has confirmed that CVE-2024-3393 is being actively exploited in the wild, with customers experiencing outages due to attacks leveraging this vulnerability.
Who is at risk?
This vulnerability affects PAN-OS versions 10.1, 10.2, 11.0, 11.1, and 11.2. However, it’s important to note that PAN-OS 11.0 has reached its end-of-life and will not receive a patch. Organizations running this version are particularly vulnerable and should prioritize upgrading to a supported version.
What can you do?
Palo Alto Networks has released patches for supported PAN-OS versions. Organizations are strongly urged to update their firewalls to the latest versions immediately:
- PAN-OS 10.1.14-h8
- PAN-OS 10.2.10-h12
- PAN-OS 11.1.5
- PAN-OS 11.2.3
For those who cannot immediately apply the patches, Palo Alto Networks has also provided mitigation steps and workarounds to reduce the risk of exploitation.
CISA has added CVE-2024-3393 to its Known Exploited Vulnerabilities (KEV) catalog, mandating that federal agencies patch their systems by January 20, 2025. This underscores the severity of the vulnerability and the urgency for all organizations to take action.
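To triage a firewall inventory against the fixed releases listed above, the following added example (not from Palo Alto Networks or CISA) compares PAN-OS version strings, including `-hN` hotfix suffixes, with the fixed build for each release train. It assumes that a later maintenance or hotfix build in the same train contains the fix and that versions follow the `major.minor.maintenance[-hN]` form. The hostnames and sample builds are constructed, and a `below-fix` result means only that the build is older than the one listed here.

```python
import re

# Fixed builds per release train, exactly as listed in the article above.
FIXED = {
    (10, 1): "10.1.14-h8",
    (10, 2): "10.2.10-h12",
    (11, 1): "11.1.5",
    (11, 2): "11.2.3",
}
# Trains the article names as affected but end-of-life (no patch will ship).
EOL_TRAINS = {(11, 0)}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Return (major, minor, maintenance, hotfix); a build without -hN has hotfix 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognized PAN-OS version string: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def patch_status(version):
    """Classify one version string against the article's fixed builds."""
    parsed = parse_version(version)
    train = parsed[:2]
    if train in EOL_TRAINS:
        return "eol-no-fix"
    if train not in FIXED:
        return "train-not-listed"
    return "at-or-above-fix" if parsed >= parse_version(FIXED[train]) else "below-fix"


def triage(inventory):
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: patch_status(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and builds are illustrative only.
    sample = {
        "fw-edge-01": "10.1.14-h6",
        "fw-edge-02": "10.2.10-h12",
        "fw-dc-01": "11.0.4",
        "fw-dc-02": "11.1.5-h1",
        "fw-lab-01": "11.2.2",
    }
    for host, status in triage(sample).items():
        print(f"{host:12} {sample[host]:12} {status}")
```

The vendor advisory remains the authoritative source for which builds are affected and fixed; this check covers only the four fixed versions named in this article.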