| Category | Details |
|---|---|
| Threat Actors | Not specified; the flaw is exploitable by unauthenticated attackers sending malicious DNS packets. |
| Campaign Overview | High-severity denial-of-service (DoS) vulnerability (CVE-2024-3393, CVSS 8.7) in Palo Alto Networks PAN-OS software and Prisma Access firewalls. |
| Target Regions | Global; affects users of PAN-OS and Prisma Access. |
| Methodology | Sending malicious DNS packets through the firewall’s data plane to force the device to reboot and enter maintenance mode. |
| Products Targeted | PAN-OS versions 10.X, 11.X, and Prisma Access running PAN-OS. |
| Malware Reference | Not applicable (DoS attack via crafted DNS packets). |
| Tools Used | Malicious DNS packets exploiting the PAN-OS DNS Security logging feature. |
| Vulnerabilities Exploited | CVE-2024-3393 (Denial-of-Service vulnerability in PAN-OS DNS Security feature). |
| TTPs | Exploiting firewall vulnerabilities via DNS packet manipulation; repeated triggering to cause device reboots. |
| Attribution | No specific threat actor identified; vulnerability discovered during production use by Palo Alto Networks. |
| Recommendations | Update PAN-OS to patched versions (10.1.14-h8, 10.2.10-h12, 11.1.5, 11.2.3+). Temporarily disable DNS Security logging for Anti-Spyware profiles as a mitigation. |
| Source | The Hacker News |

Read full article: https://thehackernews.com/2024/12/palo-alto-releases-patch-for-pan-os-dos.html

The above summary has been generated by an AI language model.