/

CVE-2024-3382 Report - Details, Severity, & Advisories

CVE-2024-3382 Report - Details, Severity, & Advisories

Twingate Team

May 9, 2024

CVE-2024-3382 is a high-severity vulnerability affecting Palo Alto Networks PAN-OS software on specific devices, namely PA-5400 Series devices with the SSL Forward Proxy feature enabled. This memory leak issue can be exploited by an attacker sending a burst of crafted packets through the firewall, causing it to stop processing traffic. The vulnerability impacts a limited range of systems, and users should be aware of the potential risks associated with this issue.

How do I know if I'm affected?

If you're using a PA-5400 Series device with the SSL Forward Proxy feature enabled, you might be affected by the CVE-2024-3382 vulnerability. This issue is present in PAN-OS 11.1 versions below 11.1.2, PAN-OS 11.0 versions below 11.0.4, and PAN-OS 10.2 versions below 10.2.7-h3. To determine if you're affected, check your device's PAN-OS version and ensure it's not within the mentioned ranges.

What should I do if I'm affected?

If you're affected by the CVE-2024-3382 vulnerability, it's crucial to take action. Upgrade your PAN-OS to version 10.2.7-h3, 11.0.4, 11.1.2, or a later version to fix the issue. If upgrading isn't immediately possible, disable decryption on your firewall and configure a policy-based decryption exclusion to exclude all traffic from being decrypted, ensuring decryption remains disabled after a reboot.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-3382 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This high-severity issue, added to the National Vulnerability Database on April 10, 2024, affects specific firewall devices and can be fixed by upgrading the software or adjusting settings. No due date or required action is provided on the NVD page, but Palo Alto Networks offers a solution and workaround in their advisory.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-770, caused by a weakness in resource allocation without limits or throttling, which can lead to a firewall Denial of Service (DoS) attack.

For more details

CVE-2024-3382 is a high-severity vulnerability affecting specific Palo Alto Networks devices, with potential consequences including a Denial of Service (DoS) attack. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD or the link below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2024-3382 Report - Details, Severity, & Advisories

CVE-2024-3382 Report - Details, Severity, & Advisories

Twingate Team

May 9, 2024

CVE-2024-3382 is a high-severity vulnerability affecting Palo Alto Networks PAN-OS software on specific devices, namely PA-5400 Series devices with the SSL Forward Proxy feature enabled. This memory leak issue can be exploited by an attacker sending a burst of crafted packets through the firewall, causing it to stop processing traffic. The vulnerability impacts a limited range of systems, and users should be aware of the potential risks associated with this issue.

How do I know if I'm affected?

If you're using a PA-5400 Series device with the SSL Forward Proxy feature enabled, you might be affected by the CVE-2024-3382 vulnerability. This issue is present in PAN-OS 11.1 versions below 11.1.2, PAN-OS 11.0 versions below 11.0.4, and PAN-OS 10.2 versions below 10.2.7-h3. To determine if you're affected, check your device's PAN-OS version and ensure it's not within the mentioned ranges.

What should I do if I'm affected?

If you're affected by the CVE-2024-3382 vulnerability, it's crucial to take action. Upgrade your PAN-OS to version 10.2.7-h3, 11.0.4, 11.1.2, or a later version to fix the issue. If upgrading isn't immediately possible, disable decryption on your firewall and configure a policy-based decryption exclusion to exclude all traffic from being decrypted, ensuring decryption remains disabled after a reboot.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-3382 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This high-severity issue, added to the National Vulnerability Database on April 10, 2024, affects specific firewall devices and can be fixed by upgrading the software or adjusting settings. No due date or required action is provided on the NVD page, but Palo Alto Networks offers a solution and workaround in their advisory.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-770, caused by a weakness in resource allocation without limits or throttling, which can lead to a firewall Denial of Service (DoS) attack.

For more details

CVE-2024-3382 is a high-severity vulnerability affecting specific Palo Alto Networks devices, with potential consequences including a Denial of Service (DoS) attack. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD or the link below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2024-3382 Report - Details, Severity, & Advisories

Twingate Team

May 9, 2024

CVE-2024-3382 is a high-severity vulnerability affecting Palo Alto Networks PAN-OS software on specific devices, namely PA-5400 Series devices with the SSL Forward Proxy feature enabled. This memory leak issue can be exploited by an attacker sending a burst of crafted packets through the firewall, causing it to stop processing traffic. The vulnerability impacts a limited range of systems, and users should be aware of the potential risks associated with this issue.

How do I know if I'm affected?

If you're using a PA-5400 Series device with the SSL Forward Proxy feature enabled, you might be affected by the CVE-2024-3382 vulnerability. This issue is present in PAN-OS 11.1 versions below 11.1.2, PAN-OS 11.0 versions below 11.0.4, and PAN-OS 10.2 versions below 10.2.7-h3. To determine if you're affected, check your device's PAN-OS version and ensure it's not within the mentioned ranges.

What should I do if I'm affected?

If you're affected by the CVE-2024-3382 vulnerability, it's crucial to take action. Upgrade your PAN-OS to version 10.2.7-h3, 11.0.4, 11.1.2, or a later version to fix the issue. If upgrading isn't immediately possible, disable decryption on your firewall and configure a policy-based decryption exclusion to exclude all traffic from being decrypted, ensuring decryption remains disabled after a reboot.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-3382 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This high-severity issue, added to the National Vulnerability Database on April 10, 2024, affects specific firewall devices and can be fixed by upgrading the software or adjusting settings. No due date or required action is provided on the NVD page, but Palo Alto Networks offers a solution and workaround in their advisory.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-770, caused by a weakness in resource allocation without limits or throttling, which can lead to a firewall Denial of Service (DoS) attack.

For more details

CVE-2024-3382 is a high-severity vulnerability affecting specific Palo Alto Networks devices, with potential consequences including a Denial of Service (DoS) attack. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD or the link below.