cve-2024-3385
Vulnerability from cvelistv5
Published
2024-04-10 17:06
Modified
2024-08-22 18:10
Severity ?
EPSS score ?
Summary
PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T20:12:06.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.paloaltonetworks.com/CVE-2024-3385" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "pan-os", "vendor": "paloaltonetworks", "versions": [ { "lessThan": "9.0.17-h4", "status": "affected", "version": "9.0.0", "versionType": "custom" }, { "lessThan": "9.1.17", "status": "affected", "version": "9.1.0", "versionType": "custom" }, { "lessThan": "10.1.12", "status": "affected", "version": "10.1.0", "versionType": "custom" }, { "lessThan": "10.2.8", "status": "affected", "version": "10.2.0", "versionType": "custom" }, { "lessThan": "11.0.3", "status": "affected", "version": "11.0.0", "versionType": "custom" }, { "status": "affected", "version": "11.1.0" } ] }, { "cpes": [ "cpe:2.3:a:paloaltonetworks:cloud_ngfw:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "cloud_ngfw", "vendor": "paloaltonetworks", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:paloaltonetworks:prisma_access:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "prisma_access", "vendor": "paloaltonetworks", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-3385", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-15T15:57:38.878804Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-22T18:10:55.925Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [ { "changes": [ { "at": "9.0.17-h4", "status": "unaffected" } ], "lessThan": "9.0.17-h4", "status": "affected", "version": "9.0.0", "versionType": "custom" }, { "changes": [ { "at": "9.1.17", "status": "unaffected" } ], "lessThan": "9.1.17", "status": "affected", "version": "9.1.0", "versionType": "custom" }, { "changes": [ { "at": "10.1.12", "status": "unaffected" } ], "lessThan": "10.1.12", "status": "affected", "version": "10.1.0", "versionType": "custom" }, { "changes": [ { "at": "10.2.8", "status": "unaffected" } ], "lessThan": "10.2.8", "status": "affected", "version": "10.2.0", "versionType": "custom" }, { "changes": [ { "at": "11.0.3", "status": "unaffected" } ], "lessThan": "11.0.3", "status": "affected", "version": "11.0.0", "versionType": "custom" }, { "status": "unaffected", "version": "11.1.0" } ] }, { "defaultStatus": "unaffected", "product": "Cloud NGFW", "vendor": "Palo Alto Networks", "versions": [ { "status": "unaffected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "Prisma Access", "vendor": "Palo Alto Networks", "versions": [ { "status": "unaffected", "version": "All" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This does not affect VM-Series firewalls, CN-Series firewalls, Cloud NGFWs, or Prisma Access.\n\nThis issue affects only PAN-OS configurations with GTP Security disabled. You should verify whether GTP Security is disabled by checking your firewall web interface (Device \u003e Setup \u003e Management \u003e General Settings) and take the appropriate actions as needed." } ], "value": "This does not affect VM-Series firewalls, CN-Series firewalls, Cloud NGFWs, or Prisma Access.\n\nThis issue affects only PAN-OS configurations with GTP Security disabled. You should verify whether GTP Security is disabled by checking your firewall web interface (Device \u003e Setup \u003e Management \u003e General Settings) and take the appropriate actions as needed." } ], "credits": [ { "lang": "en", "type": "finder", "value": "Palo Alto Networks thanks an external reporter for discovering and reporting this issue." } ], "datePublic": "2024-04-10T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.\n\nThis affects the following hardware firewall models:\n- PA-5400 Series firewalls\n- PA-7000 Series firewalls" } ], "value": "A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.\n\nThis affects the following hardware firewall models:\n- PA-5400 Series firewalls\n- PA-7000 Series firewalls" } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. This was encountered by two customers in normal production usage.\u003cbr\u003e" } ], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. This was encountered by two customers in normal production usage.\n" } ], "impacts": [ { "capecId": "CAPEC-153", "descriptions": [ { "lang": "en", "value": "CAPEC-153 Input Data Manipulation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-10T17:06:28.153Z", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto" }, "references": [ { "url": "https://security.paloaltonetworks.com/CVE-2024-3385" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.12, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions.\u003cbr\u003e" } ], "value": "This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.12, PAN-OS 10.2.8, PAN-OS 11.0.3, and all later PAN-OS versions.\n" } ], "source": { "defect": [ "PAN-221224" ], "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2024-04-10T16:00:00.000Z", "value": "Initial publication" } ], "title": "PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 94993 (introduced in Applications and Threats content version 8832).\u003cbr\u003e" } ], "value": "Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 94993 (introduced in Applications and Threats content version 8832).\n" } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2024-3385", "datePublished": "2024-04-10T17:06:28.153Z", "dateReserved": "2024-04-05T17:40:18.347Z", "dateUpdated": "2024-08-22T18:10:55.925Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-3385\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2024-04-10T17:15:57.410\",\"lastModified\":\"2024-04-10T19:49:51.183\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.\\n\\nThis affects the following hardware firewall models:\\n- PA-5400 Series firewalls\\n- PA-7000 Series firewalls\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"references\":[{\"url\":\"https://security.paloaltonetworks.com/CVE-2024-3385\",\"source\":\"psirt@paloaltonetworks.com\"}]}}" } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.