Palo Alto Networks Patches Vulnerabilities Allowing Firewall Disruption

Palo Alto Networks patches several high-severity vulnerabilities, including ones that allow DoS attacks against its firewalls.

Updates announced this week for Palo Alto Networks’ PAN-OS operating system patch several vulnerabilities, including high-severity flaws that can be exploited to disrupt firewalls.

Three high-severity vulnerabilities can be exploited for denial-of-service (DoS) attacks. One of them is CVE-2024-3385, which allows an unauthenticated, remote attacker to cause hardware-based firewalls to reboot using specially crafted packets. Repeated attacks can cause the firewall to enter maintenance mode, requiring manual intervention to bring it back online.  

The issue has been found to only impact PA-5400 and PA-7000 firewalls, and only when GTP security is disabled. 

While Palo Alto Networks is not aware of any malicious attacks exploiting CVE-2024-3385, the company is aware of this issue being triggered in the case of two customers during normal production usage.

Another firewall DoS vulnerability that can be exploited remotely without authentication is CVE-2024-3384. It can be used to reboot PAN-OS firewalls using specially crafted NTLM packets. Similar to CVE-2024-3385, it can cause a firewall to enter maintenance mode, requiring manual intervention to restore the system.

The third DoS flaw is CVE-2024-3382, which has a higher attack complexity. It enables an attacker to send a burst of malicious packets through the firewall, preventing it from processing traffic. Only devices with the SSL Forward Proxy feature enabled are affected. 

Palo Alto Networks has also informed customers about CVE-2024-3383, a high-severity PAN-OS vulnerability related to how data received from Cloud Identity Engine (CIE) agents is processed. The security hole can be exploited to modify User-ID groups and “it impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules”.

In addition to these four high-severity vulnerabilities, Palo Alto Networks has fixed medium-severity issues related to decryption exclusions, user impersonation, and third-party open source components.

In its Panorama software, the vendor has fixed a medium-severity issue that can be leveraged to conduct man-in-the-middle (MitM) attacks and capture encrypted traffic.

Palo Alto Networks says it’s not aware of malicious exploitation of any of these vulnerabilities.

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.