Hackers exploit DoS flaw to disable Palo Alto Networks firewalls

Palo Alto Networks is warning that hackers are exploiting the CVE-2024-3393 denial of service vulnerability to disable firewall protections by forcing it to reboot.

Leveraging the security issue repeatedly, however, causes the device to enter maintenance mode and manual intervention is required to restore it to normal operations.

“A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall,” reads the advisory.

DoS bug is actively exploited

Palo Alto Networks says that exploiting the vulnerability is possible by an unauthenticated attacker that sends a specially crafted, malicious packet to an affected device.

The issue only impacts devices where ‘DNS Security’ logging is enabled, while the product versions affected by CVE-2024-3393 are shown below.

The vendor confirmed that the flaw is actively exploited, noting that customers experienced outages when their firewall blocked malicious DNS packets from attackers leveraging the issue.

The company has addressed the flaw in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and subsequent releases.

However, it’s noted that PAN-OS 11.0, which is impacted by CVE-2024-3393, will not receive a patch because that version has reached its end-of-life (EOL) date on November 17.

Palo Alto Networks has also published workarounds and steps to mitigate the problem for those who cannot immediately update:

For unmanaged NGFWs, NGFWs managed by Panorama, or Prisma Access Managed by Panorama:

Navigate to: Objects → Security Profiles → Anti-spyware → DNS Policies → DNS Security for each Anti-spyware profile.
Change the Log Severity to “none” for all configured DNS Security categories.
Commit the changes and revert the Log Severity settings after applying the fixes.

For NGFWs managed by Strata Cloud Manager (SCM):

Option 1: Disable DNS Security logging directly on each NGFW using the steps above.
Option 2: Disable DNS Security logging across all NGFWs in the tenant by opening a support case.

For Prisma Access managed by Strata Cloud Manager (SCM):

Open a support case to disable DNS Security logging across all NGFWs in your tenant.
If needed, request to expedite the Prisma Access tenant upgrade in the support case.

Source

Leave a Comment Cancel Reply

London, GB

1:11 pm, Apr 21, 2025

16°C

L: 14° | H: 17°

Feels like 15°C° broken clouds

Humidity: 70 %

Pressure: 1009 mb

Wind: 7 mph WSW

Wind Gust: 0 mph

UV Index: 0

Precipitation: 0 mm

Clouds: 75%

Rain Chance: 0%

Visibility: 10 km

Sunrise: 5:51 am

Sunset: 8:06 pm

DailyHourly

Daily ForecastHourly Forecast

Today 10:00 pm

14° | 17°°C 1 mm 100% 11 mph 81 % 1013 mb 0 mm/h

Tomorrow 10:00 pm

8° | 16°°C 0 mm 0% 11 mph 86 % 1017 mb 0 mm/h

Wed Apr 23 10:00 pm

8° | 12°°C 1 mm 100% 13 mph 95 % 1016 mb 0 mm/h

Thu Apr 24 10:00 pm

9° | 15°°C 0.2 mm 20% 5 mph 86 % 1022 mb 0 mm/h

Fri Apr 25 10:00 pm

9° | 17°°C 0 mm 0% 8 mph 87 % 1022 mb 0 mm/h

Today 4:00 pm

14° | 15°°C 1 mm 100% 11 mph 70 % 1009 mb 0 mm/h

Today 7:00 pm

12° | 13°°C 1 mm 100% 8 mph 73 % 1010 mb 0 mm/h

Today 10:00 pm

10° | 10°°C 0 mm 0% 6 mph 81 % 1013 mb 0 mm/h

Tomorrow 1:00 am

9° | 9°°C 0 mm 0% 7 mph 84 % 1014 mb 0 mm/h

Tomorrow 4:00 am

8° | 8°°C 0 mm 0% 5 mph 86 % 1015 mb 0 mm/h

Tomorrow 7:00 am

8° | 8°°C 0 mm 0% 5 mph 84 % 1016 mb 0 mm/h

Tomorrow 10:00 am

12° | 12°°C 0 mm 0% 6 mph 63 % 1017 mb 0 mm/h

Tomorrow 1:00 pm

15° | 15°°C 0 mm 0% 7 mph 44 % 1017 mb 0 mm/h

Name	Price	24H (%)
Bitcoin(BTC)	€75,502.15	3.40%
Ethereum(ETH)	€1,411.45	3.42%
Tether(USDT)	€0.87	0.00%
XRP(XRP)	€1.84	3.61%
Solana(SOL)	€120.66	1.93%
USDC(USDC)	€0.87	-0.01%
Dogecoin(DOGE)	€0.140233	5.43%
Shiba Inu(SHIB)	€0.000011	3.73%
Pepe(PEPE)	€0.000007	7.09%

Hackers exploit DoS flaw to disable Palo Alto Networks firewalls

Share:

DoS bug is actively exploited

Leave a Comment Cancel Reply

Utility link

Useful link

Newsletter

Follow Us