What is the severity of CVE-2024-2550?

CVE-2024-2550 is classified as a denial-of-service vulnerability which can lead to significant service disruption.

How do I fix CVE-2024-2550?

To mitigate CVE-2024-2550, upgrade your Palo Alto Networks PAN-OS to versions 11.1.5, 11.0.6, 10.2.11 or apply the relevant security patches.

Which Palo Alto Networks products are affected by CVE-2024-2550?

CVE-2024-2550 impacts Palo Alto Networks PAN-OS, Prisma Access, and Cloud NGFW products.

What kind of attack vector does CVE-2024-2550 use?

CVE-2024-2550 can be exploited by an unauthenticated attacker sending a specially crafted packet to the GlobalProtect gateway.

What are the potential impacts of CVE-2024-2550?

Exploitation of CVE-2024-2550 can lead to a denial of service, causing the GlobalProtect service on the firewall to stop functioning.

Vulnerability/
CVE-2024-2550

high

8.7

CWE

476

13/11/2024

14/11/2024

6/1/2025

24/1/2025

CVE-2024-2550: PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway Using a Specially Crafted Packet (Severity: MEDIUM)

First published: Wed Nov 13 2024(Updated: )

A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.

Credit: psirt@paloaltonetworks.com

Affected Software	Affected Version	How to fix
Palo Alto Networks Cloud NGFW
Palo Alto Networks PAN-OS	<11.1.5=11.1.0<11.0.6=11.0.0<10.2.11=10.2.0	11.1.5 11.1.4-h9 11.0.6 10.2.11 10.2.10-h10 10.2.9-h18 10.2.8-h18 10.2.7-h21
Palo Alto Networks Prisma Access
Palo Alto Networks PAN-OS	>=10.2.0<10.2.7
Palo Alto Networks PAN-OS	>=11.0.0<11.0.6
Palo Alto Networks PAN-OS	>=11.1.0<11.1.4
Palo Alto Networks PAN-OS	=10.2.7-h1
Palo Alto Networks PAN-OS	=10.2.7-h12
Palo Alto Networks PAN-OS	=10.2.7-h16
Palo Alto Networks PAN-OS	=10.2.7-h18
Palo Alto Networks PAN-OS	=10.2.7-h19
Palo Alto Networks PAN-OS	=10.2.7-h3
Palo Alto Networks PAN-OS	=10.2.7-h6
Palo Alto Networks PAN-OS	=10.2.7-h8
Palo Alto Networks PAN-OS	=10.2.8
Palo Alto Networks PAN-OS	=10.2.8-h10
Palo Alto Networks PAN-OS	=10.2.8-h13
Palo Alto Networks PAN-OS	=10.2.8-h15
Palo Alto Networks PAN-OS	=10.2.8-h3
Palo Alto Networks PAN-OS	=10.2.8-h4
Palo Alto Networks PAN-OS	=10.2.9
Palo Alto Networks PAN-OS	=10.2.9-h1
Palo Alto Networks PAN-OS	=10.2.9-h11
Palo Alto Networks PAN-OS	=10.2.9-h14
Palo Alto Networks PAN-OS	=10.2.9-h16
Palo Alto Networks PAN-OS	=10.2.9-h9
Palo Alto Networks PAN-OS	=10.2.10
Palo Alto Networks PAN-OS	=10.2.10-h2
Palo Alto Networks PAN-OS	=10.2.10-h3
Palo Alto Networks PAN-OS	=10.2.10-h4
Palo Alto Networks PAN-OS	=10.2.10-h5
Palo Alto Networks PAN-OS	=10.2.10-h7
Palo Alto Networks PAN-OS	=10.2.10-h9
Palo Alto Networks PAN-OS	=11.1.4
Palo Alto Networks PAN-OS	=11.1.4-h1
Palo Alto Networks PAN-OS	=11.1.4-h4
Palo Alto Networks PAN-OS	=11.1.4-h7

Remedy

This issue is fixed in PAN-OS 10.2.11, PAN-OS 11.0.6, PAN-OS 11.1.5, and all later PAN-OS versions.

Remedy

No workaround or mitigation is available.

Remedy

This issue is fixed in PAN-OS 10.2.11, PAN-OS 11.0.6, PAN-OS 11.1.5, and all later PAN-OS versions. In addition, in an attempt to provide the most seamless upgrade path for our customers, we are making additional fixes available as noted below: * Additional 11.1 fix: * 11.1.4-h9 * Additional 10.2 fixes: * 10.2.10-h10 * 10.2.9-h18 * 10.2.8-h18 * 10.2.7-h21

Never miss a vulnerability like this again

Reference Links

https://security.paloaltonetworks.com/CVE-2024-2550

Frequently Asked Questions

What is the severity of CVE-2024-2550?
CVE-2024-2550 is classified as a denial-of-service vulnerability which can lead to significant service disruption.
How do I fix CVE-2024-2550?
To mitigate CVE-2024-2550, upgrade your Palo Alto Networks PAN-OS to versions 11.1.5, 11.0.6, 10.2.11 or apply the relevant security patches.
Which Palo Alto Networks products are affected by CVE-2024-2550?
CVE-2024-2550 impacts Palo Alto Networks PAN-OS, Prisma Access, and Cloud NGFW products.
What kind of attack vector does CVE-2024-2550 use?
CVE-2024-2550 can be exploited by an unauthenticated attacker sending a specially crafted packet to the GlobalProtect gateway.
What are the potential impacts of CVE-2024-2550?
Exploitation of CVE-2024-2550 can lead to a denial of service, causing the GlobalProtect service on the firewall to stop functioning.

agent/weakness
agent/references
agent/type
agent/author
collector/mitre-cve
source/MITRE
agent/title
agent/description
agent/trending
agent/first-publish-date
collector/paloaltonetworks-latest
source/Palo Alto Networks
collector/paloaltonetworks-api
agent/software-canonical-lookup
agent/remedy
agent/source
agent/last-modified-date
agent/severity
agent/tags
agent/softwarecombine
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
vendor/palo alto networks
canonical/palo alto networks cloud ngfw
canonical/palo alto networks pan-os
version/palo alto networks pan-os/11.1.0
version/palo alto networks pan-os/11.0.0
version/palo alto networks pan-os/10.2.0
canonical/palo alto networks prisma access
vendor/paloaltonetworks
version/palo alto networks pan-os/10.2.7-h1
version/palo alto networks pan-os/10.2.7-h12
version/palo alto networks pan-os/10.2.7-h16
version/palo alto networks pan-os/10.2.7-h18
version/palo alto networks pan-os/10.2.7-h19
version/palo alto networks pan-os/10.2.7-h3
version/palo alto networks pan-os/10.2.7-h6
version/palo alto networks pan-os/10.2.7-h8
version/palo alto networks pan-os/10.2.8
version/palo alto networks pan-os/10.2.8-h10
version/palo alto networks pan-os/10.2.8-h13
version/palo alto networks pan-os/10.2.8-h15
version/palo alto networks pan-os/10.2.8-h3
version/palo alto networks pan-os/10.2.8-h4
version/palo alto networks pan-os/10.2.9
version/palo alto networks pan-os/10.2.9-h1
version/palo alto networks pan-os/10.2.9-h11
version/palo alto networks pan-os/10.2.9-h14
version/palo alto networks pan-os/10.2.9-h16
version/palo alto networks pan-os/10.2.9-h9
version/palo alto networks pan-os/10.2.10
version/palo alto networks pan-os/10.2.10-h2
version/palo alto networks pan-os/10.2.10-h3
version/palo alto networks pan-os/10.2.10-h4
version/palo alto networks pan-os/10.2.10-h5
version/palo alto networks pan-os/10.2.10-h7
version/palo alto networks pan-os/10.2.10-h9
version/palo alto networks pan-os/11.1.4
version/palo alto networks pan-os/11.1.4-h1
version/palo alto networks pan-os/11.1.4-h4
version/palo alto networks pan-os/11.1.4-h7

CVE-2024-2550: PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway Using a Specially Crafted Packet (Severity: MEDIUM)

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-2550?

How do I fix CVE-2024-2550?

Which Palo Alto Networks products are affected by CVE-2024-2550?

What kind of attack vector does CVE-2024-2550 use?

What are the potential impacts of CVE-2024-2550?

Company

Resources

Contact