8.7, CWE-476, EPSS 0.043%

CVE-2024-9472: PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Traffic (Severity: MEDIUM)

First published: Wed Nov 13 2024

A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.

Palo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected.

This issue only affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series running these specific versions of PAN-OS:

* 10.2.7-h12
* 10.2.8-h10
* 10.2.9-h9
* 10.2.9-h11
* 10.2.10-h2
* 10.2.10-h3
* 10.2.11
* 10.2.11-h1
* 10.2.11-h2
* 10.2.11-h3
* 11.1.2-h9
* 11.1.2-h12
* 11.1.3-h2
* 11.1.3-h4
* 11.1.3-h6
* 11.2.2
* 11.2.2-h1

Credit: psirt@paloaltonetworks.com

| Affected Software | Affected Version | How to fix |
| --- | --- | --- |
| Palo Alto Networks Cloud NGFW | | |
| Palo Alto Networks PAN-OS | <11.2.2-h3, =11.2.0, <11.1.2-h14, =11.1.0, <10.2.7-h16, =10.2.0 | 11.2.2-h3, 11.2.3, 11.1.2-h14, 11.1.3-h10, 10.2.7-h16, 10.2.8-h13, 10.2.9-h14, 10.2.10-h7, 10.2.11-h4 |
| Palo Alto Networks Prisma Access | | |

Remedy

This issue does not impact firewalls that do not have URL proxy or any decrypt-policy configured. The issue can be completely mitigated by setting this option:

    > set system setting ctd nonblocking-pattern-match disable

Remedy

This issue is fixed in PAN-OS 10.2.7-h16, PAN-OS 10.2.8-h13, PAN-OS 10.2.9-h14, PAN-OS 10.2.10-h7, PAN-OS 10.2.11-h4, PAN-OS 11.1.2-h14, PAN-OS 11.1.3-h10, PAN-OS 11.2.2-h3, PAN-OS 11.2.3, and all later PAN-OS versions.
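
An inventory triage built from the affected and fixed version lists above, as an added example that is not part of the advisory or any Palo Alto Networks tooling. The model-number pattern for the affected series, the status labels, and the inventory rows are assumptions constructed here.

```python
import re

# Version lists copied from the advisory text on this page.
AFFECTED = set("""10.2.7-h12 10.2.8-h10 10.2.9-h9 10.2.9-h11 10.2.10-h2 10.2.10-h3
10.2.11 10.2.11-h1 10.2.11-h2 10.2.11-h3 11.1.2-h9 11.1.2-h12 11.1.3-h2
11.1.3-h4 11.1.3-h6 11.2.2 11.2.2-h1""".split())
FIXED = """10.2.7-h16 10.2.8-h13 10.2.9-h14 10.2.10-h7 10.2.11-h4
11.1.2-h14 11.1.3-h10 11.2.2-h3 11.2.3""".split()

# Assumption: hardware model numbers map to the affected series by their
# digits (PA-8xx, PA-32xx, PA-52xx, PA-70xx).
AFFECTED_MODEL = re.compile(r"^PA-(8\d{2}|32\d{2}|52\d{2}|70\d{2})$", re.I)
VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse(version):
    """'10.2.9-h14' -> (10, 2, 9, 14); a release without a hotfix gets 0."""
    m = VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def nearest_fix(version):
    """Lowest listed fixed release in the same major.minor train above version."""
    cur = parse(version)
    later = [f for f in FIXED if parse(f)[:2] == cur[:2] and parse(f) > cur]
    return min(later, key=parse) if later else None

def triage(model, version, decrypt_or_url_proxy):
    """Return (status, suggested_fix) for one firewall."""
    if not AFFECTED_MODEL.match(model.strip()):
        return ("platform-not-affected", None)
    if version.strip() not in AFFECTED:
        parse(version)  # still reject malformed version strings
        return ("version-not-affected", None)
    if not decrypt_or_url_proxy:
        return ("affected-version-not-exposed", nearest_fix(version))
    return ("exposed", nearest_fix(version))

# Constructed inventory rows: (hostname, model, version, decryption/URL proxy set).
INVENTORY = [
    ("fw-edge-1", "PA-3220", "10.2.9-h9", True),
    ("fw-edge-2", "PA-5250", "11.2.2-h1", False),
    ("fw-lab-1", "PA-440", "10.2.11", True),
    ("fw-dc-1", "PA-7050", "10.2.9-h14", True),
]

for host, model, version, decrypt in INVENTORY:
    print(host, *triage(model, version, decrypt))
```

The advisory states that all later PAN-OS versions are also fixed, so the suggested release is only the smallest listed step within the same train.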
