Article Details
Scrape Timestamp (UTC): 2024-12-27 16:34:44.222
Original Article Text
Hackers exploit DoS flaw to disable Palo Alto Networks firewalls

Palo Alto Networks is warning that hackers are exploiting the CVE-2024-3393 denial of service vulnerability to disable firewall protections by forcing the device to reboot. Leveraging the security issue repeatedly, however, causes the device to enter maintenance mode, and manual intervention is required to restore it to normal operations.

"A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall," reads the advisory.

DoS bug is actively exploited

Palo Alto Networks says that exploiting the vulnerability is possible by an unauthenticated attacker that sends a specially crafted, malicious packet to an affected device. The issue only impacts devices where 'DNS Security' logging is enabled, while the product versions affected by CVE-2024-3393 are shown below.

The vendor confirmed that the flaw is actively exploited, noting that customers experienced outages when their firewall blocked malicious DNS packets from attackers leveraging the issue.

The company has addressed the flaw in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and subsequent releases. However, PAN-OS 11.0, which is also impacted by CVE-2024-3393, will not receive a patch because that version reached its end-of-life (EOL) date on November 17.

Palo Alto Networks has also published workarounds and steps to mitigate the problem for those who cannot immediately update:

For unmanaged NGFWs, NGFWs managed by Panorama, or Prisma Access Managed by Panorama:

For NGFWs managed by Strata Cloud Manager (SCM):

For Prisma Access managed by Strata Cloud Manager (SCM):
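The fixed releases above are easy to misread when an inventory mixes base releases and hotfixes (10.1.14 is vulnerable, 10.1.14-h8 is not, 10.1.15 is fixed). The script below, an added example that is not part of the article or a Palo Alto Networks tool, parses PAN-OS version strings and triages each device against the fixed releases and the EOL 11.0 train named in the text, taking into account that only devices with DNS Security logging enabled are exposed. The inventory hostnames and versions are constructed; release trains the article does not name are reported as undetermined rather than guessed.

```python
"""Triage a PAN-OS inventory against the CVE-2024-3393 fixed releases the article names.

Added example; the sample inventory below is constructed, not real data.
"""
import re
from typing import NamedTuple, Optional

# Fixed releases from the article; these and later releases on the same train
# carry the fix. The 11.0 train is EOL and will not be patched.
FIXED_RELEASES = {
    "10.1": "10.1.14-h8",
    "10.2": "10.2.10-h12",
    "11.1": "11.1.5",
    "11.2": "11.2.3",
}
EOL_UNPATCHED_TRAINS = {"11.0"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


class Assessment(NamedTuple):
    status: str  # fixed | vulnerable | eol-no-fix | not-exposed | unknown-train
    fixed_release: Optional[str]


def parse_panos_version(version: str):
    """Turn '10.2.10-h12' into (10, 2, 10, 12); a missing hotfix suffix counts as h0.

    A base release therefore sorts below its own hotfixes, and the next
    maintenance release sorts above every hotfix of the previous one.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def assess(version: str, dns_security_logging_enabled: bool) -> Assessment:
    """Classify one device from its PAN-OS version and DNS Security logging state."""
    parsed = parse_panos_version(version)
    train = f"{parsed[0]}.{parsed[1]}"
    fixed = FIXED_RELEASES.get(train)
    if not dns_security_logging_enabled:
        # The article states the issue only impacts devices with DNS Security logging on.
        return Assessment("not-exposed", fixed)
    if train in EOL_UNPATCHED_TRAINS:
        return Assessment("eol-no-fix", None)
    if fixed is None:
        # Trains the article does not name: the affected-version table is not on
        # the page, so this script cannot decide; defer to the vendor advisory.
        return Assessment("unknown-train", None)
    if parsed >= parse_panos_version(fixed):
        return Assessment("fixed", fixed)
    return Assessment("vulnerable", fixed)


def triage(inventory):
    """Return {hostname: Assessment} for (hostname, version, dns_logging_enabled) tuples."""
    return {host: assess(ver, logging) for host, ver, logging in inventory}


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "10.1.14-h7", True),
    ("fw-edge-02", "10.1.14-h8", True),
    ("fw-dc-01", "11.1.4", True),
    ("fw-dc-02", "11.1.6", True),
    ("fw-legacy", "11.0.4", True),
    ("fw-lab", "11.2.2", False),
]

ACTIONS = {
    "vulnerable": "upgrade to the fixed release or later, or apply the vendor workaround",
    "eol-no-fix": "no patch available: apply the vendor workaround or migrate off this train",
    "unknown-train": "not covered by this article; consult the vendor advisory",
    "fixed": "no action",
    "not-exposed": "not currently exposed; re-check if DNS Security logging is enabled",
}

if __name__ == "__main__":
    for host, result in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {result.status:14} {result.fixed_release or '-':12} {ACTIONS[result.status]}")
```

The comparison key treats a hotfix as a fourth numeric component, which is what makes 10.1.14 sort below 10.1.14-h8 while 10.1.15 sorts above it; if your inventory source reports versions in a different notation, normalise it before calling `assess`.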
Daily Brief Summary
Palo Alto Networks has identified active exploitation of the CVE-2024-3393 vulnerability impacting their firewalls.
The exploitation involves a Denial of Service (DoS) attack that forces firewalls to reboot by sending a malicious DNS packet.
Continuous exploitation may lead the affected devices to enter maintenance mode, requiring manual restoration.
The vulnerability affects devices where the 'DNS Security' logging feature is enabled, across multiple versions of PAN-OS software.
Remediation patches have been issued for PAN-OS versions 10.1.14-h8, 10.2.10-h12, 11.1.5, and 11.2.3.
PAN-OS 11.0, also affected, will not receive a patch as it reached end-of-life status as of November 17.
Palo Alto Networks has published several mitigation steps for various configurations of their network security products.