CVE-2024-3385

PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled

Description

A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: - PA-5400 Series firewalls - PA-7000 Series firewalls

Remediation

Solution:

This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.12, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions.

Workaround:

Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 94993 (introduced in Applications and Threats content version 8832).

References

Link	Tags
https://security.paloaltonetworks.com/CVE-2024-3385	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2024-3385?: CVE-2024-3385 has been scored as a high severity vulnerability.
How to fix CVE-2024-3385?: To fix CVE-2024-3385: This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.12, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions.
Is CVE-2024-3385 being actively exploited in the wild?: It is possible that CVE-2024-3385 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-3385?: CVE-2024-3385 affects Palo Alto Networks PAN-OS, Palo Alto Networks Cloud NGFW, Palo Alto Networks Prisma Access.

Description

Remediation

Categories

CWE-20 – Improper Input Validation

CWE-476 – NULL Pointer Dereference

References

Frequently Asked Questions