Cybersecurity Threat Advisory: PAN-OS critical vulnerability

Cybersecurity Threat Advisory

A critical vulnerability, tracked as CVE-2024-3393 with a CVSS score of 8.7, has been identified in Palo Alto Networks’ PAN-OS software. This flaw allows unauthenticated attackers to send specially crafted packets that can reboot affected firewalls, leading to potential service disruptions. Review the details of this Cybersecurity Threat Advisory to learn more.

What is the threat?

CVE-2024-3393 is a Denial-of-Service (DoS) vulnerability impacting the DNS Security feature of Palo Alto PAN-OS. An attacker can exploit this vulnerability by transmitting a specially crafted malicious network packet through the firewall’s data plane to cause an unexpected reboot. Repeated attempts can force the affected firewall into maintenance mode, requiring manual restoration.

Why is it noteworthy?

Palo Alto firewalls are part of an organization’s critical infrastructure to secure network traffic and prevent unauthorized access. A successful exploitation can lead to significant network downtime, disrupt operations, and impact the security posture of an organization. These types of vulnerabilities are often exploited in targeted campaigns by advanced threat actors.

What is the exposure or risk?

Organizations using vulnerable versions of PAN-OS with the DNS Security logging feature enabled are at high risk of network compromise, data theft, and system disruption. The following PAN-OS versions are impacted:

  • All versions prior to 11.2.3.
  • All versions prior to 11.1.5.
  • All versions between 10.2.8 and prior to 10.2.10 hotfix 2 or 10.2.13 hotfix 2.
  • All versions prior to 10.1.14 hotfix 8.
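As an added triage helper, not part of the advisory, the following Python script parses PAN-OS version strings (including hotfix suffixes such as `10.2.10-h2`) and checks a constructed inventory against the affected ranges listed above. The reading of the 10.2 line (10.2.10 hotfix 2 and 10.2.13 hotfix 2 as fix points, with 10.2.11 and 10.2.12 still affected) is an assumption, and release lines not named in the list are reported as not covered.

```python
import re
from typing import Optional, Tuple

# Parser for PAN-OS version strings such as "10.2.10-h2" or "11.1.4".
# The hotfix component defaults to 0 so that "10.2.10" sorts before "10.2.10-h2".
def parse_panos_version(text: str) -> Tuple[int, int, int, int]:
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return int(major), int(minor), int(patch), int(hotfix or 0)

# Affected ranges as stated in the advisory, keyed by release line.
# Each entry is a list of (lower_inclusive, upper_exclusive) version tuples.
# Assumption for the 10.2 line: 10.2.10-h2 and later hotfixes of 10.2.10 are
# fixed, 10.2.11 and 10.2.12 have no fix listed and are treated as affected,
# and 10.2.13-h2 and later are fixed.
AFFECTED = {
    (11, 2): [((11, 2, 0, 0), (11, 2, 3, 0))],
    (11, 1): [((11, 1, 0, 0), (11, 1, 5, 0))],
    (10, 2): [((10, 2, 8, 0), (10, 2, 10, 2)), ((10, 2, 11, 0), (10, 2, 13, 2))],
    (10, 1): [((10, 1, 0, 0), (10, 1, 14, 8))],
}

def is_affected(text: str) -> Optional[bool]:
    """True if the version falls in an affected range, False if it is at or
    past the fix for its release line, None if the line is not in the list."""
    v = parse_panos_version(text)
    ranges = AFFECTED.get(v[:2])
    if ranges is None:
        return None
    return any(lo <= v < hi for lo, hi in ranges)

if __name__ == "__main__":
    # Constructed inventory of firewall versions to triage.
    inventory = ["11.2.2", "11.2.3", "11.1.4-h1", "10.2.9", "10.2.10-h2",
                 "10.2.12", "10.1.14-h7", "10.1.15", "9.1.17"]
    for ver in inventory:
        print(f"{ver:>12}: {is_affected(ver)}")
```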

What are the recommendations?

Barracuda recommends the following actions to mitigate this threat:

  • Upgrade to the patched versions PAN-OS 10.1.15, 10.2.14, 11.1.5, 11.2.3, or later releases at your earliest convenience.
  • If upgrading is not feasible, disable DNS Security logging to prevent exploitation.
  • Review firewall logs regularly for any anomalies, such as unexpected reboots or suspicious entries indicating malicious DNS packets.
  • Deploy proactive network monitoring tools, such as Barracuda Managed XDR Network Security, to detect unusual traffic patterns.
  • Establish and rehearse manual recovery procedures from maintenance mode to minimize downtime in case of successful exploitation.

Reference:

For more in-depth information about the recommendations, please visit the following link:

If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.

This post originally appeared on Smarter MSP.