Thursday, January 23, 2025
HomeCVE/vulnerabilityCISA Warns of Palo Alto Networks PAN-OS Vulnerability Exploited in Wild

CISA Warns of Palo Alto Networks PAN-OS Vulnerability Exploited in Wild

Published on

SIEM as a Service

Follow Us on Google News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert on a critical vulnerability in Palo Alto Networks PAN-OS.

Tracked as CVE-2024-3393, this flaw has been observed in active exploitation, putting systems at risk of remote disruption.

CVE-2024-3393: Malformed DNS Packet Vulnerability

This vulnerability stems from improper parsing and logging of malformed DNS packets when the DNS Security feature is enabled in Palo Alto Networks PAN-OS firewalls.

Exploiting this flaw allows threat actors to perform unauthenticated remote attacks that cause the firewall to reboot unexpectedly.

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

If the attack is repeated, it forces the firewall into maintenance mode, effectively removing it from operation and leaving networks vulnerable to further compromise.

  • CWE Identifier: CWE-754 (Improper Handling of Exceptional Conditions)
  • Impact: Remote Denial of Service (DoS)
  • Exploitation: An attacker sends specifically crafted DNS packets to trigger the flaw.

While this vulnerability does not result in unauthorized access or data exfiltration, its ability to incapacitate firewalls makes it a significant threat to organizations dependent on Palo Alto Networks for perimeter security and traffic management.

CISA has confirmed that CVE-2024-3393 is being exploited in the wild. However, whether this vulnerability is currently being leveraged in ransomware campaigns or broader cybercrime operations remains unknown.

Nevertheless, security experts warn that given the critical nature of this flaw, advanced threat actors could integrate it into more complex attack chains to disrupt critical infrastructure or aid in infiltration.

  • Vendor Guidance: Palo Alto Networks has issued guidance and patches to address CVE-2024-3393. Organizations are advised to immediately implement these updates.
  • Interim Measures: If patches cannot be applied, disabling the DNS Security feature may mitigate the risk temporarily, though this could reduce firewall functionality.
  • Last-Resort Option: In extreme cases where mitigations cannot be implemented, discontinuing the use of vulnerable products is recommended.

CISA has set a due date of January 20, 2025, for organizations to ensure appropriate mitigations are applied.

This alert underscores the importance of timely patching and vigilance in today’s rapidly evolving threat environment.

Organizations using Palo Alto Networks PAN-OS should act swiftly to protect their networks from the operational disruptions posed by CVE-2024-3393.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...

New Cookie Sandwich Technique Allows Stealing of HttpOnly Cookies

The "Cookie Sandwich Attack" showcases a sophisticated way of exploiting inconsistencies in cookie parsing...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...