Skip to main content
All vulnerabilities
CVE-2024-3393

Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability

Palo Alto NetworksPAN-OS

Added to KEV catalog
30 December 2024
Federal remediation due date
20 January 2025
Weakness classification (CWE)
CWE-754

CISA Description

Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malicious DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

Required action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes

https://security.paloaltonetworks.com/CVE-2024-3393 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3393

Confirm Your Exposure

Is this vulnerability present in your environment?

CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.

Explore VAPT Services