CISA adds Palo Alto CVE-2024-3393 to its KEV Catalog


The Cybersecurity and Infrastructure Security Agency (CISA) recently added CVE-2024-3393 to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability affects Palo Alto Networks’ PAN-OS software and is triggered by malformed DNS packets.

Key Details:

  • CVE-2024-3393: This vulnerability stems from improper parsing and logging of malformed DNS packets in PAN-OS.
  • Impact: An unauthenticated attacker could exploit this flaw to remotely reboot the affected firewall, potentially disrupting critical network operations. Repeated exploitation attempts could force the firewall into maintenance mode, taking it offline.
  • Mitigation: Palo Alto Networks has issued guidance on addressing the flaw, which must be implemented promptly. If mitigations are not feasible, organizations should consider temporarily discontinuing the use of the affected product.

CISA strongly urges organizations to prioritize timely remediation of vulnerabilities listed in the KEV catalog to protect against active threats. It also set January 20th, 2025, as the deadline for federal agencies to remediate the vulnerability.
