
Palo Alto Networks on Dec. 26 released a patch for a denial-of-service (DoS) flaw in the DNS security feature of the company’s PAN-OS firewall software.
The high-severity bug, CVE-2024-3393, rated 8.7, lets an unauthenticated attacker send a malicious packet through the data plane of the firewall that reboots the device.
Palo Alto said repeated attempts to trigger this condition will cause the firewall to enter maintenance mode, requiring manual intervention on the part of the security team.
The company said it’s aware of customers experiencing a DoS when their firewall repeatedly blocks malicious DNS packets that trigger the issue.
According to Palo Alto, the flaw impacts PAN-OS versions 10.X and 11.X, as well as Prisma Access running PAN-OS versions 10.2.8 and later or prior to 11.2.3. The company has issued patches for PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions.
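The patched releases above can be turned into a quick inventory check. The following is an added example, not code from Palo Alto Networks or the article: it compares each firewall's running version only against the fixed build this article names for the same release train, on the assumption that later builds in that train carry the fix. The hostnames and sample versions are constructed, and the vendor advisory may list further fixed hotfix builds.

```python
import re

# Fixed builds named in the article, keyed by (major, minor) release train.
FIXED = {
    (10, 1): (14, 8),   # PAN-OS 10.1.14-h8
    (10, 2): (10, 12),  # PAN-OS 10.2.10-h12
    (11, 1): (5, 0),    # PAN-OS 11.1.5
    (11, 2): (3, 0),    # PAN-OS 11.2.3
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Split 'major.minor.maint[-hN]' into (train, (maint, hotfix))."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognized PAN-OS version: {text!r}")
    major, minor, maint = (int(g) for g in m.group(1, 2, 3))
    return (major, minor), (maint, int(m.group(4) or 0))


def classify(version):
    """Compare one version with the fixed build of its own release train."""
    train, build = parse_version(version)
    if train not in FIXED:
        return "no-fix-listed"  # the article names no fixed build for this train
    return "fixed" if build >= FIXED[train] else "needs-update"


def triage(inventory):
    """Classify every host; unparseable strings are flagged, not dropped."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparsed"
    return report

# Constructed inventory: hostnames and running versions are made up.
SAMPLE = {
    "fw-edge-01": "10.2.10-h12", "fw-edge-02": "10.2.10-h3",
    "fw-dc-01": "11.1.4-h7", "fw-dc-02": "11.2.4",
    "fw-lab-01": "11.0.6", "fw-lab-02": "10.1.14", "fw-old": "PAN-OS 9",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12}{SAMPLE[host]:14}{status}")
```

Hosts reported as `no-fix-listed` or `unparsed` need a manual look against the vendor advisory rather than being treated as safe.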
Stephen Kowski, Field CTO at SlashNext Email Security, said the DNS security feature vulnerability in PAN-OS lets attackers potentially disrupt network operations through malicious DNS packets, leading to firewall reboots and maintenance mode that require manual intervention.
Kowski explained that while previous PAN-OS issues reported last month focused on authentication bypass or command injection, this new DoS vulnerability specifically targets the DNS inspection mechanism that organizations rely on to detect command-and-control threats, tunneling attempts, and various DNS-based attacks.
“The fact that Palo Alto Networks discovered this in production use suggests active exploitation attempts, making immediate patching crucial for affected organizations,” said Kowski. “Modern security approaches that layer multiple inspection points and employ machine learning to analyze DNS traffic patterns can help organizations maintain protection even when primary security controls are compromised.”
Jason Soroko, senior fellow at Sectigo, added that the vulnerability operates by manipulating the data plane of the firewall. When exploited, the malicious packets trigger the firewall to enter maintenance mode after repeated attempts, effectively causing prolonged service disruptions.
“Palo Alto Networks discovered this flaw during production use and has reported that some customers are already experiencing DoS incidents as their firewalls block these harmful DNS packets,” said Soroko.
Copyright © 2024 CyberRisk Alliance, LLC All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.