Connect with us

Hi, what are you looking for?



Palo Alto Networks Patches Vulnerabilities Allowing Firewall Disruption

Palo Alto Networks patches several high-severity vulnerabilities, including ones that allow DoS attacks against its firewalls.

Updates announced this week for Palo Alto Networks’ PAN-OS operating system patch several vulnerabilities, including high-severity flaws that can be exploited to disrupt firewalls.

Three high-severity vulnerabilities can be exploited for denial-of-service (DoS) attacks. One of them is CVE-2024-3385, which allows an unauthenticated, remote attacker to cause hardware-based firewalls to reboot using specially crafted packets. Repeated attacks can cause the firewall to enter maintenance mode, requiring manual intervention to bring it back online.  

The issue has been found to only impact PA-5400 and PA-7000 firewalls, and only when GTP security is disabled. 

While Palo Alto Networks is not aware of any malicious attacks exploiting CVE-2024-3385, the company is aware of this issue being triggered in the case of two customers during normal production usage.

Another firewall DoS vulnerability that can be exploited remotely without authentication is CVE-2024-3384. It can be used to reboot PAN-OS firewalls using specially crafted NTLM packets. Similar to CVE-2024-3385, it can cause a firewall to enter maintenance mode, requiring manual intervention to restore the system.

The third DoS flaw is CVE-2024-3382, which has a higher attack complexity. It enables an attacker to send a burst of malicious packets through the firewall, preventing it from processing traffic. Only devices with the SSL Forward Proxy feature enabled are affected. 

Palo Alto Networks has also informed customers about CVE-2024-3383, a high-severity PAN-OS vulnerability related to how data received from Cloud Identity Engine (CIE) agents is processed. The security hole can be exploited to modify User-ID groups and “it impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules”.

In addition to these four high-severity vulnerabilities, Palo Alto Networks has fixed medium-severity issues related to decryption exclusions, user impersonation, and third-party open source components.

Advertisement. Scroll to continue reading.

In its Panorama Software, the vendor has fixed a medium-severity issue that can be leveraged to conduct MitM attacks and capture encrypted traffic. 

Palo Alto Networks says it’s not aware of malicious exploitation for any of these vulnerabilities.

Related: ICS Patch Tuesday: Siemens Addresses Palo Alto Networks Product Vulnerabilities

Related: Palo Alto Networks Unveils New Rugged Firewall for Industrial Environments  

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

Joe Levy has been appointed Sophos' permanent CEO, and Jim Dildine has been named the company's CFO.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

More People On The Move

Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.