CVE-2024-3393

HIGH KEV

Palo Alto Networks PAN-OS >= 11.1.0 < 11.1.1 - Unauthenticated Denial of Service via Malicious DNS Packet

Exploitation Summary

CVE-2024-3393 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 30, 2024.

Description

A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

Scores

CVSS v3 7.5
EPSS 0.7972
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact partial

Details

CISA KEV 2024-12-30
VulnCheck KEV 2024-12-27
InTheWild.io 2024-12-30
ENISA EUVD EUVD-2024-31982
CWE CWE-754
Status published
Products (9)
paloaltonetworks/pan-os 10.1.14 (4 CPE variants)
paloaltonetworks/pan-os 10.2.8 (7 CPE variants)
paloaltonetworks/pan-os 10.2.9 (7 CPE variants)
paloaltonetworks/pan-os 10.2.10 (8 CPE variants)
paloaltonetworks/pan-os 10.2.11 (7 CPE variants)
paloaltonetworks/pan-os 10.2.12 (4 CPE variants)
paloaltonetworks/pan-os 10.2.13 (2 CPE variants)
paloaltonetworks/pan-os 11.1.2 (8 CPE variants)
paloaltonetworks/pan-os 11.1.3 (3 CPE variants)
Published Dec 27, 2024
KEV Added Dec 30, 2024
Tracked Since Feb 18, 2026