Multiple Palo Alto Networks Firewall Flaws Let Attackers Cause Disruption

Palo Alto Networks has recently disclosed four high-severity vulnerabilities in its firewall products.
If exploited, these flaws could allow attackers to disrupt services by causing a denial of service (DoS) or manipulating user access controls. The vulnerabilities are tracked as CVE-2024-3382, CVE-2024-3383, and CVE-2024-3384.
CVE-2024-3382: Denial of Service through Crafted Packets
The first vulnerability, CVE-2024-3382, affects the PAN-OS operating system and can lead to a denial of service (DoS) condition when the firewall processes a burst of specifically crafted packets. This issue specifically affects PA-5400 Series devices with the SSL Forward Proxy feature enabled. Palo Alto Networks has addressed this flaw in PAN-OS versions 10.2.7-h3, 11.0.4, 11.1.2, and later.
CVE-2024-3383: Improper Group Membership Change
CVE-2024-3383 is a vulnerability in the Cloud Identity Engine (CIE) component of PAN-OS, which could allow unauthorized changes to User-ID groups. This flaw could result in improper access control decisions, affecting the security of network resources. The company has fixed this issue in PAN-OS versions 10.1.11, 10.2.5, 11.0.3, and all subsequent releases.
CVE-2024-3384: DoS through Malformed NTLM Packets
The third vulnerability, CVE-2024-3384, involves the handling of malformed NTLM packets, which could cause PAN-OS firewalls to reboot and potentially enter maintenance mode. This vulnerability requires manual intervention to restore the firewall to an operational state. Fixes were released in PAN-OS versions 8.1.24, 9.0.17, 9.1.15-h1, and 10.0.12, among others.
CVE-2024-3385: Denial of Service when GTP Security is Disabled
The third vulnerability, CVE-2024-3385, affects hardware-based firewalls in the PA-5400 and PA-7000 series. It allows remote attackers to reboot the firewalls through a particular packet processing mechanism when GTP Security is disabled. Like the others, this vulnerability is rated high severity, with a CVSSv4.0 Base Score of 8.2.
Affected Versions and Solutions
Palo Alto Networks has not seen any malicious exploitation of these vulnerabilities. However, given their high severity ratings, customers are advised to apply the provided patches or follow the recommended mitigation strategies.
Below is a summary table of the affected versions for each CVE:
CVE ID | Affected Versions | Unaffected Versions |
---|---|---|
CVE-2024-3382 | PAN-OS 11.1 < 11.1.2, PAN-OS 11.0 < 11.0.4, PAN-OS 10.2 < 10.2.7-h3 | PAN-OS 11.1 >= 11.1.2, PAN-OS 11.0 >= 11.0.4, PAN-OS 10.2 >= 10.2.7-h3 |
CVE-2024-3383 | PAN-OS 11.0 < 11.0.3, PAN-OS 10.2 < 10.2.5, PAN-OS 10.1 < 10.1.11 | PAN-OS 11.0 >= 11.0.3, PAN-OS 10.2 >= 10.2.5, PAN-OS 10.1 >= 10.1.11 |
CVE-2024-3384 | PAN-OS 10.0 < 10.0.12, PAN-OS 9.1 < 9.1.15-h1, PAN-OS 9.0 < 9.0.17, PAN-OS 8.1 < 8.1.24 | PAN-OS 10.0 >= 10.0.12, PAN-OS 9.1 >= 9.1.15-h1, PAN-OS 9.0 >= 9.0.17, PAN-OS 8.1 >= 8.1.24 |
CVE-2024-3385 | PAN-OS 11.0 < 11.0.3, PAN-OS 10.2 < 10.2.8, PAN-OS 10.1 < 10.1.12, PAN-OS 9.1 < 9.1.17, PAN-OS 9.0 < 9.0.17-h4 | PAN-OS 11.0 >= 11.0.3, PAN-OS 10.2 >= 10.2.8, PAN-OS 10.1 >= 10.1.12, PAN-OS 9.1 >= 9.1.17, PAN-OS 9.0 >= 9.0.17-h4 |
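
The table can be turned into a quick fleet check. The following is an added example, not code from Palo Alto Networks or from the original article: it compares a PAN-OS version string against the fixed versions in the table, treating a missing `-hN` hotfix suffix as hotfix 0. It assumes versions of the form `major.minor.maintenance[-hN]`, checks the version only (not the model or feature preconditions described above), and does not flag release branches the table does not list.

```python
import re

# Fixed versions per release branch, transcribed from the table above.
FIXED = {
    "CVE-2024-3382": {"11.1": "11.1.2", "11.0": "11.0.4", "10.2": "10.2.7-h3"},
    "CVE-2024-3383": {"11.0": "11.0.3", "10.2": "10.2.5", "10.1": "10.1.11"},
    "CVE-2024-3384": {"10.0": "10.0.12", "9.1": "9.1.15-h1",
                      "9.0": "9.0.17", "8.1": "8.1.24"},
    "CVE-2024-3385": {"11.0": "11.0.3", "10.2": "10.2.8", "10.1": "10.1.12",
                      "9.1": "9.1.17", "9.0": "9.0.17-h4"},
}

# Assumed version format: major.minor.maintenance with an optional -hN hotfix.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse(version):
    """Return (major, minor, maintenance, hotfix); no -hN suffix means hotfix 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def affected_cves(version):
    """CVEs whose table row lists this version's branch with a later fixed version."""
    v = parse(version)
    branch = f"{v[0]}.{v[1]}"
    hits = []
    for cve, fixes in FIXED.items():
        fixed = fixes.get(branch)
        # Branches absent from a CVE's row are not flagged: the table says nothing.
        if fixed is not None and v < parse(fixed):
            hits.append(cve)
    return hits


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the article.
    for sample in ["10.2.7", "10.2.7-h3", "9.1.15", "11.0.3", "11.1.2"]:
        print(sample, affected_cves(sample) or "not listed as affected")
```
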
Along with these high-severity flaws, Palo Alto fixed some medium-severity security flaws; the complete advisory can be found here.
For detailed mitigation instructions and to ensure the security of their networks, customers are advised to consult the official Palo Alto Networks documentation or contact its support services.
Source credit : cybersecuritynews.com