github - ghsa-hwc4-2rmw-hcvq

ghsa-hwc4-2rmw-hcvq

Vulnerability from github

Published

2024-04-10 18:30

Modified

2024-04-10 18:30

Severity

7.5 (High) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-3384"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1286"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-10T17:15:57Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.",
  "id": "GHSA-hwc4-2rmw-hcvq",
  "modified": "2024-04-10T18:30:48Z",
  "published": "2024-04-10T18:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3384"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2024-3384"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2024-3384

Vulnerability from cvelistv5

Published

2024-04-10 17:06

Modified

2024-08-01 20:12

Severity

7.5 (High) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets

References

URL	Tags
https://security.paloaltonetworks.com/CVE-2024-3384

Impacted products

Vendor	Product
Palo Alto Networks	PAN-OS
Palo Alto Networks	Cloud NGFW
Palo Alto Networks	Prisma Access

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3384",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-12T15:54:19.998958Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:32:38.411Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:12:06.484Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2024-3384"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "8.1.24",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.1.24",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "9.0.17",
                  "status": "unaffected"
                }
              ],
              "lessThan": "9.0.17",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "9.1.15-h1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "9.1.15-h1",
              "status": "affected",
              "version": "9.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.0.12",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.0.12",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "10.1.0"
            },
            {
              "status": "unaffected",
              "version": "10.2.0"
            },
            {
              "status": "unaffected",
              "version": "11.0.0"
            },
            {
              "status": "unaffected",
              "version": "11.1.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue affects only PAN-OS configurations with NTLM authentication enabled. You should verify whether NTLM authentication is enabled by checking your firewall web interface (Device \u003e User Identification \u003e User Mapping \u003e Palo Alto Networks User-ID Agent Setup \u003e NTLM)."
            }
          ],
          "value": "This issue affects only PAN-OS configurations with NTLM authentication enabled. You should verify whether NTLM authentication is enabled by checking your firewall web interface (Device \u003e User Identification \u003e User Mapping \u003e Palo Alto Networks User-ID Agent Setup \u003e NTLM)."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks rqu for discovering and reporting this issue."
        }
      ],
      "datePublic": "2024-04-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online."
            }
          ],
          "value": "A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-153",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-153 Input Data Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-10T17:06:21.704Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "url": "https://security.paloaltonetworks.com/CVE-2024-3384"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15-h1, PAN-OS 10.0.12, and all later PAN-OS versions.\u003cbr\u003e"
            }
          ],
          "value": "This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15-h1, PAN-OS 10.0.12, and all later PAN-OS versions.\n"
        }
      ],
      "source": {
        "defect": [
          "PAN-198992"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-10T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-3384",
    "datePublished": "2024-04-10T17:06:21.704Z",
    "dateReserved": "2024-04-05T17:40:17.390Z",
    "dateUpdated": "2024-08-01T20:12:06.484Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.