CVE-2024-3385 Report - Details, Severity, & Advisories

Twingate Team

May 9, 2024

CVE-2024-3385 is a high-severity vulnerability affecting the packet processing mechanism in Palo Alto Networks PAN-OS software, specifically impacting certain hardware firewall models. A remote attacker can exploit this vulnerability to reboot hardware-based firewalls, and repeated attacks can force the firewall into maintenance mode, requiring manual intervention to restore functionality. This issue is particularly concerning for organizations relying on these firewalls to protect their networks and systems.

How do I know if I'm affected?

If you're using Palo Alto Networks PAN-OS software on PA-5400 Series or PA-7000 Series firewalls, you might be affected by the CVE-2024-3385 vulnerability. This high-severity issue allows a remote attacker to reboot your hardware-based firewalls, potentially forcing them into maintenance mode. To determine if your system is affected, check the specific software versions mentioned in the Palo Alto Networks security advisory. Note that this vulnerability does not impact Apple products.

What should I do if I'm affected?

If you're affected by the CVE-2024-3385 vulnerability, update your PAN-OS software to versions 9.0.17-h4, 9.1.17, 10.1.12, 10.2.8, 11.0.3, or later. Check if GTP Security is disabled in your firewall web interface (Device > Setup > Management > General Settings). If you have a Threat Prevention subscription, enable Threat ID 94993 to block attacks.
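The version check above can be run across a device inventory. The following is an added example, not code from Twingate or Palo Alto Networks: it compares a PAN-OS version string, including any `-hN` hotfix suffix, against the fixed release for its train as listed above. It assumes series membership can be inferred from the model-number prefix, and the inventory rows are constructed sample data.

```python
import re

# Fixed release per PAN-OS train, from the remediation list above:
# (major, minor) -> (maintenance, hotfix)
FIXED = {
    (9, 0): (17, 4),    # 9.0.17-h4
    (9, 1): (17, 0),    # 9.1.17
    (10, 1): (12, 0),   # 10.1.12
    (10, 2): (8, 0),    # 10.2.8
    (11, 0): (3, 0),    # 11.0.3
}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")
# Assumption: PA-5400 / PA-7000 Series membership is read off the model prefix.
_MODEL = re.compile(r"^PA-(54|70)\d{2}$", re.IGNORECASE)


def parse_version(text):
    """Split '10.1.11-h2' into ((10, 1), (11, 2)); a missing hotfix is 0."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognized PAN-OS version: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor)), (int(maint), int(hotfix or 0))


def assess(model, sw_version):
    """Return 'model-not-listed', 'needs-update', 'fixed' or 'check-advisory'."""
    if not _MODEL.match(model.strip()):
        return "model-not-listed"
    train, build = parse_version(sw_version)
    fixed = FIXED.get(train)
    if fixed is None:
        # Train is not in the list above; defer to the vendor advisory.
        return "check-advisory"
    return "fixed" if build >= fixed else "needs-update"


def report(inventory):
    """Map each hostname to its assessment."""
    return {host: assess(model, ver) for host, model, ver in inventory}


# Constructed sample inventory: (hostname, model, PAN-OS version).
INVENTORY = [
    ("fw-dc1", "PA-5420", "10.1.11-h5"),
    ("fw-dc2", "PA-7050", "9.0.17-h4"),
    ("fw-edge", "PA-3220", "10.1.3"),
]

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

A `check-advisory` result means the release train is not among the fixed versions listed here, so the Palo Alto Networks advisory decides.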

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-3385 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This issue affects Palo Alto Networks PAN-OS software and allows a remote attacker to reboot hardware-based firewalls, potentially causing them to enter maintenance mode. The vulnerability was added to the National Vulnerability Database on April 10, 2024. There is no specified due date or required action, as the vulnerability is awaiting analysis.

Weakness enumeration

This vulnerability is categorized under two weaknesses: NULL Pointer Dereference (CWE-476) and Improper Input Validation (CWE-20), which can lead to firewall reboots and potential maintenance mode.

For more details

For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD or the resources listed below.
