Attackers are actively exploiting a vulnerability to disable Palo Alto Networks firewalls, the company reports. Security updates for the issue have been made available. The vulnerability, designated CVE-2024-3393, resides in PAN-OS, the operating system that runs on Palo Alto Networks’ firewalls.
When an unauthenticated attacker sends a malicious DNS packet to the firewall, the vulnerability causes the firewall to reboot. If this happens repeatedly, the firewall will go into maintenance mode and will no longer provide protection until the device is put back into operational mode. Palo Alto Networks states that two conditions are required for abuse: a DNS Security License or an Advanced DNS Security License has been applied, and DNS Security logging is enabled.
The security company also reports that several customers experienced such a denial of service when their firewall processed malicious DNS packets. The impact of the vulnerability is rated 8.7 on a scale of 1 to 10. Palo Alto Networks did not provide further details about the attacks, but thanked the Computer Emergency Response Team of Estonia (CERT-EE) for “forensic and analytical” assistance.
In short:
| Aspect | Details |
|---|---|
| Vulnerability ID | CVE-2024-3393 |
| Affected System | PAN-OS (Palo Alto Networks’ firewall operating system) |
| Exploit Method | Sending malicious DNS packets to the firewall |
| Impact | Causes firewall to reboot; repeated attacks lead to maintenance mode (protection disabled) |
| Severity Rating | 8.7 out of 10 |