CVE-2024-3393

HIGH KEV

Palo Alto Networks PAN-OS - DoS

Title source: llm

Description

A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

Scores

CVSS v3 7.5
EPSS 0.7769
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CISA KEV 2024-12-30
VulnCheck KEV 2024-12-27
InTheWild.io 2024-12-30
ENISA EUVD EUVD-2024-31982
CWE CWE-754
Status published
Products (9)
paloaltonetworks/pan-os 10.1.14 (4 CPE variants)
paloaltonetworks/pan-os 10.2.8 (7 CPE variants)
paloaltonetworks/pan-os 10.2.9 (7 CPE variants)
paloaltonetworks/pan-os 10.2.10 (8 CPE variants)
paloaltonetworks/pan-os 10.2.11 (7 CPE variants)
paloaltonetworks/pan-os 10.2.12 (4 CPE variants)
paloaltonetworks/pan-os 10.2.13 (2 CPE variants)
paloaltonetworks/pan-os 11.1.2 (8 CPE variants)
paloaltonetworks/pan-os 11.1.3 (3 CPE variants)
Published Dec 27, 2024
KEV Added Dec 30, 2024
Tracked Since Feb 18, 2026