Category | Details |
---|---|
Threat Actors | Not specified; exploitable by unauthenticated attackers sending malicious DNS packets. |
Campaign Overview | High-severity denial-of-service (DoS) vulnerability (CVE-2024-3393, CVSS 8.7) in Palo Alto Networks PAN-OS software and Prisma Access firewalls. |
Target Regions | Global; affects users of PAN-OS and Prisma Access. |
Methodology | Sending malicious DNS packets through the firewall’s data plane to trigger a device reboot and entry into maintenance mode. |
Products Targeted | PAN-OS versions 10.X, 11.X, and Prisma Access running PAN-OS. |
Malware Reference | Not applicable (DoS attack via crafted DNS packets). |
Tools Used | Malicious DNS packets exploiting the PAN-OS DNS Security logging feature. |
Vulnerabilities Exploited | CVE-2024-3393 (Denial-of-Service vulnerability in PAN-OS DNS Security feature). |
TTPs | Exploiting firewall vulnerabilities via DNS packet manipulation; repeated triggering to cause device reboots. |
Attribution | No specific threat actor identified; vulnerability discovered during production use by Palo Alto Networks. |
Recommendations | Update PAN-OS to patched versions (10.1.14-h8, 10.2.10-h12, 11.1.5, 11.2.3+). Temporarily disable DNS Security logging for Anti-Spyware profiles as a mitigation. |
Source | The Hacker News |
Read full article: https://thehackernews.com/2024/12/palo-alto-releases-patch-for-pan-os-dos.html
The above summary has been generated by an AI language model