CISA Warns of Palo Alto Networks PAN-OS Vulnerability Exploited in Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert on a critical vulnerability in Palo Alto Networks PAN-OS.

Tracked as CVE-2024-3393, this flaw has been observed in active exploitation, putting systems at risk of remote disruption.

CVE-2024-3393: Malformed DNS Packet Vulnerability

This vulnerability stems from improper parsing and logging of malformed DNS packets when the DNS Security feature is enabled in Palo Alto Networks PAN-OS firewalls.

Exploiting this flaw allows threat actors to perform unauthenticated remote attacks that cause the firewall to reboot unexpectedly.

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

If the attack is repeated, it forces the firewall into maintenance mode, effectively removing it from operation and leaving networks vulnerable to further compromise.

• CWE Identifier: CWE-754 (Improper Handling of Exceptional Conditions)
• Impact: Remote Denial of Service (DoS)
• Exploitation: An attacker sends specifically crafted DNS packets to trigger the flaw.

While this vulnerability does not result in unauthorized access or data exfiltration, its ability to incapacitate firewalls makes it a significant threat to organizations dependent on Palo Alto Networks for perimeter security and traffic management.

CISA has confirmed that CVE-2024-3393 is being exploited in the wild. However, whether this vulnerability is currently being leveraged in ransomware campaigns or broader cybercrime operations remains unknown.

Nevertheless, security experts warn that given the critical nature of this flaw, advanced threat actors could integrate it into more complex attack chains to disrupt critical infrastructure or aid in infiltration.

• Vendor Guidance: Palo Alto Networks has issued guidance and patches to address CVE-2024-3393. Organizations are advised to immediately implement these updates.
• Interim Measures: If patches cannot be applied, disabling the DNS Security feature may mitigate the risk temporarily, though this could reduce firewall functionality.
• Last-Resort Option: In extreme cases where mitigations cannot be implemented, discontinuing the use of vulnerable products is recommended.

CISA has set a due date of January 20, 2025, for organizations to ensure appropriate mitigations are applied.

This alert underscores the importance of timely patching and vigilance in today’s rapidly evolving threat environment.

Organizations using Palo Alto Networks PAN-OS should act swiftly to protect their networks from the operational disruptions posed by CVE-2024-3393.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free