Palo Alto Networks has taken swift action to address a zero-day vulnerability that has been exploited to launch denial-of-service (DoS) attacks against its firewalls. The security flaw, known as CVE-2024-3393, affects the DNS Security feature of the PAN-OS software running on Palo Alto Networks firewalls. This vulnerability allows a malicious actor to send a specially crafted packet through the data plane, causing the firewall to reboot and potentially enter maintenance mode.
The company has acknowledged that customers have reported experiencing DoS attacks when their firewalls block malicious DNS packets that trigger this issue. Despite the severity of CVE-2024-3393, Palo Alto Networks has categorized the vulnerability as having only a ‘moderate urgency’. Exploitation depends on two conditions, both of which must be met: DNS Security logging must be enabled, and either a DNS Security License or an Advanced DNS Security License must be applied.
To address the issue, Palo Alto Networks has released fixes in PAN-OS versions 10.1.14-h8, 10.2.10-h12, 11.1.5, and 11.2.3. However, PAN-OS 11.0, which reached end of life on November 17, will not receive a fix. The company has also outlined workarounds and mitigations for affected users. Additionally, Palo Alto Networks has credited Estonia’s CERT-EE for providing forensic and analytics assistance in resolving the vulnerability.
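As an added example (not code from Palo Alto Networks or from the original article), the following Python script triages a firewall inventory against the fixed releases listed above and the two exploitation preconditions. It assumes only the four fixed releases named in this article; the inventory, field names and status/action labels are constructed for illustration.

```python
import re

# Fixed releases exactly as listed in the article, keyed by release branch.
# Assumption: only these four are known here; the vendor advisory may list others.
FIXED = {"10.1": "10.1.14-h8", "10.2": "10.2.10-h12", "11.1": "11.1.5", "11.2": "11.2.3"}
NO_FIX_BRANCHES = {"11.0"}  # end of life per the article, will not receive a fix
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse_version(text):
    """Turn '10.2.10-h12' into (10, 2, 10, 12); a missing hotfix counts as 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def patch_status(version):
    """Compare a version with the fixed release listed for its branch."""
    major, minor, *_ = parse_version(version)
    branch = f"{major}.{minor}"
    if branch in NO_FIX_BRANCHES:
        return "eol-no-fix"
    if branch not in FIXED:
        return "branch-not-listed"
    if parse_version(version) >= parse_version(FIXED[branch]):
        return "at-or-above-listed-fix"
    return "below-listed-fix"

def triage(device):
    """Combine patch level with the two preconditions the article names."""
    status = patch_status(device["version"])
    if status == "at-or-above-listed-fix":
        return status, "none"
    # Both conditions must hold: DNS Security logging enabled AND a license applied.
    exposed = device["dns_security_logging"] and device["dns_security_license"]
    return status, ("prioritize" if exposed else "review")

# Constructed inventory for illustration; hostnames and settings are made up.
INVENTORY = [
    {"name": "fw-edge-1", "version": "10.2.10-h12", "dns_security_logging": True, "dns_security_license": True},
    {"name": "fw-edge-2", "version": "10.2.10-h9", "dns_security_logging": True, "dns_security_license": True},
    {"name": "fw-lab-1", "version": "11.1.4-h7", "dns_security_logging": False, "dns_security_license": True},
]

if __name__ == "__main__":
    for fw in INVENTORY:
        print(fw["name"], fw["version"], *triage(fw))
```

A "review" result means the device is below the listed fix but does not meet both preconditions, so its status should be confirmed against the vendor advisory rather than treated as safe.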
Although details about the discovery of the vulnerability or the specific attacks exploiting it are scarce, Palo Alto Networks has noted the propensity for threat groups to target its firewall vulnerabilities. In a recent campaign dubbed Operation Lunar Peek, malicious actors exploited two PAN-OS zero-days to compromise a significant number of firewalls.
This incident is not the first time Palo Alto Networks has been targeted by threat actors. Previous attacks have leveraged vulnerabilities in Palo Alto Networks’ products, highlighting the importance of timely patching and proactive security measures. As cybersecurity threats continue to evolve, organizations must remain vigilant and ensure that their systems are adequately protected against potential exploits.
In conclusion, Palo Alto Networks’ response to the CVE-2024-3393 vulnerability demonstrates the company’s commitment to addressing security concerns promptly. By releasing patches and providing guidance to customers, Palo Alto Networks aims to mitigate the risk of exploitation and protect users from potential threats. As the cybersecurity landscape evolves, it is essential for organizations to stay informed about vulnerabilities and take proactive steps to secure their systems.