Palo Alto Networks: Threat Actors Targeting PAN-OS Flaw
Threat actors are currently targeting a denial-of-service vulnerability in the DNS Security feature of the PAN-OS software.
Palo Alto Networks is warning of a denial-of-service vulnerability in the DNS Security feature of its PAN-OS software. Threat actors are currently targeting the flaw to disable victim firewalls, according to the company’s Thursday security advisory.
Key Details:
- The flaw (CVE-2024-3393) “allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall,” according to Palo Alto Networks. “Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.”
- The DNS Security logging feature must be enabled in the PAN-OS software for customers to be impacted.
- According to the security advisory, the company is aware of customers experiencing a DoS condition “when their firewall blocks malicious DNS packets that trigger this issue.”
Vendor Reaction: Several versions of PAN-OS are impacted (including certain versions of PAN-OS 11.2, 11.1, 10.2 and 10.1). Palo Alto Networks said that the issue is fixed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions. PAN-OS 11.0 reached end-of-life status on Nov. 17, 2024, so the company said it does not intend to provide a fix for this release.
Certain versions of Prisma Access are also impacted, and Palo Alto Networks said that upgrades will be coming for these versions in phases, on Jan. 3 and Jan. 10. In the meantime, the security advisory recommended that Prisma Access customers using DNS Security with impacted PAN-OS versions should apply workarounds, including the option to disable DNS Security logging across all next-generation firewalls (NGFWs), which can be done by opening a support case. The company has also provided several other workarounds, which are outlined in its advisory.
Next Steps: While we still don’t know further details about exploitation activity - including the number of customers impacted - it’s best to apply the patches or workarounds given that this flaw is being targeted by threat actors. Palo Alto Networks said that the severity of the flaw is high, and the “suggested urgency” level for response is “moderate.”
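For triaging a firewall fleet against the fixed releases listed under Vendor Reaction, here is an added example (not code from Palo Alto Networks or the original article); the function names, status labels and sample inventory are constructed for illustration. It assumes version strings of the form `major.minor.maintenance[-hN]`, and a `below-fix` result means the device should be checked against the advisory, since only certain versions are impacted.

```python
import re

# Fixed release per train, as listed in the article: (maintenance, hotfix).
FIXED = {
    (10, 1): (14, 8),   # 10.1.14-h8
    (10, 2): (10, 12),  # 10.2.10-h12
    (11, 1): (5, 0),    # 11.1.5
    (11, 2): (3, 0),    # 11.2.3
}
NO_FIX_TRAINS = {(11, 0)}  # end-of-life; the article says no fix is planned

# Only the major.minor.maintenance[-hN] form is handled (assumption).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_version(text):
    """Split '10.2.10-h12' into ((10, 2), (10, 12)); hotfix defaults to 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor)), (int(maint), int(hotfix or 0))

def triage(version):
    """Classify one version string against the fixed releases above."""
    train, build = parse_version(version)
    if train in NO_FIX_TRAINS:
        return "eol-no-fix"
    if train in FIXED:
        return "at-or-above-fix" if build >= FIXED[train] else "below-fix"
    if train > max(FIXED):
        return "at-or-above-fix"  # "all later PAN-OS versions"
    return "unlisted-train"

def triage_inventory(inventory):
    """Map host -> status; unparseable versions are reported, not dropped."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = triage(version)
        except ValueError:
            result[host] = "unparsed"
    return result

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {"fw-edge-1": "10.2.10-h11", "fw-edge-2": "11.1.5", "fw-lab": "11.0.4"}
if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```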