
The Cybersecurity and Infrastructure Security Agency (CISA) has added a newly discovered vulnerability in Palo Alto Networks’ PAN-OS to its Known Exploited Vulnerabilities (KEV) Catalog. The addition reflects evidence of active exploitation, marking it as a critical risk to federal enterprises and beyond.
The vulnerability, identified as CVE-2024-3393, is classified as a Denial of Service (DoS) issue in the DNS Security feature of PAN-OS. This flaw could allow unauthenticated attackers to disrupt firewall operations, causing the firewall to reboot repeatedly and, if the attack is sustained, potentially enter maintenance mode.
The vulnerability lies in the way PAN-OS processes malformed DNS packets. When a maliciously crafted packet is sent through the firewall’s data plane, it triggers a failure that forces the system to reboot. Repeated exploitation could render the firewall non-functional, thereby compromising network security.
The issue is particularly concerning for organizations using PA-Series, VM-Series, CN-Series firewalls, or Prisma Access solutions. This vulnerability affects specific versions of PAN-OS with DNS Security or Advanced DNS Security licenses enabled and DNS Security logging turned on.
The vulnerability affects:
However, older PAN-OS versions such as 9.1 and 10.0, as well as Panorama M-Series and Panorama virtual appliances, remain unaffected.
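The exposure conditions above can be turned into a first-pass inventory triage. The sketch below is an added example, not Palo Alto Networks or CISA tooling; the inventory field names, device names and version strings are constructed, and devices that meet every precondition are routed to the vendor advisory rather than matched against a release list.

```python
import re

# Facts taken from the article. Its list of affected releases is not encoded
# here, so devices that meet every precondition are sent to the advisory.
UNAFFECTED_TRAINS = {(9, 1), (10, 0)}
UNAFFECTED_PLATFORMS = {"Panorama M-Series", "Panorama virtual appliance"}
IN_SCOPE_PLATFORMS = {"PA-Series", "VM-Series", "CN-Series", "Prisma Access"}


def release_train(version: str) -> tuple[int, int]:
    """Return (major, minor) from a version string such as '10.0.12-h3'."""
    m = re.match(r"(\d+)\.(\d+)\b", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return int(m.group(1)), int(m.group(2))


def triage(device: dict) -> str:
    """Classify one inventory record (hypothetical schema) for CVE-2024-3393."""
    platform = device["platform"]
    if platform in UNAFFECTED_PLATFORMS:
        return "unaffected: platform"
    if platform not in IN_SCOPE_PLATFORMS:
        return "review: unknown platform"
    try:
        train = release_train(device["panos_version"])
    except ValueError:
        return "review: unparsable version"
    if train in UNAFFECTED_TRAINS:
        return "unaffected: release train"
    # Both conditions must hold: a DNS Security (or Advanced DNS Security)
    # license enabled AND DNS Security logging turned on.
    if not (device["dns_security_license"] and device["dns_security_logging"]):
        return "preconditions not met"
    return "check advisory"


# Constructed sample inventory; names and versions are illustrative only.
INVENTORY = [
    {"name": "edge-fw-1", "platform": "PA-Series", "panos_version": "11.1.2",
     "dns_security_license": True, "dns_security_logging": True},
    {"name": "lab-fw-2", "platform": "VM-Series", "panos_version": "10.0.12-h3",
     "dns_security_license": True, "dns_security_logging": True},
    {"name": "mgmt-1", "platform": "Panorama M-Series", "panos_version": "11.1.2",
     "dns_security_license": False, "dns_security_logging": False},
    {"name": "dmz-fw-3", "platform": "PA-Series", "panos_version": "11.2.1",
     "dns_security_license": True, "dns_security_logging": False},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(f"{dev['name']:10} {triage(dev)}")
```

A result of "preconditions not met" describes the configuration at inventory time only, so it should be re-evaluated whenever DNS Security licensing or logging changes.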
This vulnerability is rated as High Severity, with a CVSS score of 8.7 for unauthenticated scenarios. The attack requires no user interaction, making it particularly dangerous in environments where network firewalls process untrusted DNS packets.
Palo Alto Networks has confirmed cases of active exploitation, where customers reported firewall disruptions caused by malicious DNS packets triggering the vulnerability.
While Palo Alto Networks has released patches to address the issue, organizations that cannot immediately upgrade can apply the following workarounds:
These measures provide interim protection until a permanent fix is implemented.
To fully mitigate the vulnerability, affected systems should upgrade to the following PAN-OS versions:
Palo Alto Networks has also released fixes for specific maintenance releases of PAN-OS to accommodate different deployment needs.
This DoS vulnerability compromises system availability by crashing or restarting the firewall. Improper exception handling and insufficient validation of DNS packets contribute to the flaw, categorized under:
The consequences of this vulnerability extend beyond simple reboots. Attackers exploiting it could gain insights into system behavior, potentially refining their attacks to target other weaknesses.
To address this vulnerability, organizations should consider both technical and procedural defenses:
This vulnerability highlights the ongoing challenge of securing critical systems against sophisticated cyber threats. Attackers often exploit flaws in widely used technologies like PAN-OS, targeting organizations that rely heavily on them for network defense.
For federal enterprises, the risks are even higher due to the sensitive nature of their operations. CISA’s proactive inclusion of such vulnerabilities in its KEV Catalog highlights the need for timely updates and vigilant security practices.
Organizations using Palo Alto Networks’ solutions must act swiftly to mitigate this vulnerability, whether by applying patches or deploying workarounds.
By adopting strong security practices and staying informed about emerging threats, businesses can better protect their networks and maintain operational resilience in the face of increasing cyber risks.
Samiksha Jain is a seasoned journalist with 9 years of experience, passionately unraveling the intricate world of cybersecurity for The Cyber Express. Her expertise shines through in her compelling articles on data breaches and cyberattacks. When she’s not writing, you can find Samiksha exploring new destinations or enjoying playful moments with her 2-year-old. Balancing the demands of journalism and motherhood, she embodies a dynamic blend of curiosity and care.
© 2022 – 2024 The Cyber Express by Cyble. All Rights Reserved