Connect with us

Hi, what are you looking for?



Palo Alto Networks Patches Vulnerabilities Allowing Firewall Disruption

Palo Alto Networks patches several high-severity vulnerabilities, including ones that allow DoS attacks against its firewalls.

Updates announced this week for Palo Alto Networks’ PAN-OS operating system patch several vulnerabilities, including high-severity flaws that can be exploited to disrupt firewalls.

Three high-severity vulnerabilities can be exploited for denial-of-service (DoS) attacks. One of them is CVE-2024-3385, which allows an unauthenticated, remote attacker to cause hardware-based firewalls to reboot using specially crafted packets. Repeated attacks can cause the firewall to enter maintenance mode, requiring manual intervention to bring it back online.  

The issue has been found to only impact PA-5400 and PA-7000 firewalls, and only when GTP security is disabled. 

While Palo Alto Networks is not aware of any malicious attacks exploiting CVE-2024-3385, the company is aware of this issue being triggered in the case of two customers during normal production usage.

Another firewall DoS vulnerability that can be exploited remotely without authentication is CVE-2024-3384. It can be used to reboot PAN-OS firewalls using specially crafted NTLM packets. Similar to CVE-2024-3385, it can cause a firewall to enter maintenance mode, requiring manual intervention to restore the system.

The third DoS flaw is CVE-2024-3382, which has a higher attack complexity. It enables an attacker to send a burst of malicious packets through the firewall, preventing it from processing traffic. Only devices with the SSL Forward Proxy feature enabled are affected. 

Palo Alto Networks has also informed customers about CVE-2024-3383, a high-severity PAN-OS vulnerability related to how data received from Cloud Identity Engine (CIE) agents is processed. The security hole can be exploited to modify User-ID groups and “it impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules”.

In addition to these four high-severity vulnerabilities, Palo Alto Networks has fixed medium-severity issues related to decryption exclusions, user impersonation, and third-party open source components.

Advertisement. Scroll to continue reading.

In its Panorama Software, the vendor has fixed a medium-severity issue that can be leveraged to conduct MitM attacks and capture encrypted traffic. 

Palo Alto Networks says it’s not aware of malicious exploitation for any of these vulnerabilities.

Related: ICS Patch Tuesday: Siemens Addresses Palo Alto Networks Product Vulnerabilities

Related: Palo Alto Networks Unveils New Rugged Firewall for Industrial Environments  

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights