PT-2024-9866 · Palo Alto Networks · Pan-Os+1
Published: 2024-12-27 · Updated: 2026-01-16 · CVE-2024-3393
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
Name of the Vulnerable Software and Affected Versions:
Palo Alto Networks PAN-OS versions 10.X and 11.X, including Prisma Access.
Description:
A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode. The vulnerability is being actively exploited by attackers to disable firewall protections.
Over 8,500 services are potentially vulnerable to this exploit. More than 500 PAN-OS installations in RuNet are at risk, with 32 being potentially vulnerable and 218 hosts running an unsupported version of PAN-OS.
Recommendations:
Update to PAN-OS 10.1.14-h8 or later to fix the vulnerability.
As a temporary workaround, consider disabling the logging option of the "DNS Security" function until a patch is available.
Restrict access to the vulnerable module to minimize the risk of exploitation.
Avoid using the DNS Security feature until the issue is resolved.
Exploit · Fix · DoS · Improper Check for Exceptional Conditions
Affected Products:
Pan-Os, Prisma Access