First published: Wed Nov 13 2024(Updated: )
A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.
Credit: psirt@paloaltonetworks.com
Affected Software | Affected Version | How to fix |
---|---|---|
Palo Alto Networks Cloud NGFW | ||
Palo Alto Networks PAN-OS | <11.0.5=11.0.0<10.2.4-h6=10.2.0<10.1.14=10.1.0 | 11.0.5 10.2.4-h6 10.2.5 10.1.14 |
Palo Alto Networks Prisma Access |
This issue is fixed in PAN-OS 10.1.14, PAN-OS 10.2.4-h6, PAN-OS 10.2.5, PAN-OS 11.0.5, and all later PAN-OS versions.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.