Security Vulnerability in Palo Alto Firewalls Allows Exploitation for Denial-of-Service Attacks

Palo Alto Networks, a leading firewall provider, has issued a warning regarding a vulnerability in its PAN-OS software that is being exploited by unauthenticated attackers to crash customers’ firewalls. The company is currently working on pushing updates to address this issue.

The vulnerability specifically affects the DNS Security feature of the PAN-OS software, allowing attackers to send a malicious packet through the data plane of the firewall, causing it to reboot. Repeated attempts to exploit this vulnerability can force the firewall into maintenance mode. Palo Alto Networks has identified this vulnerability as CVE-2024-3393.

Reports of active attacks exploiting this flaw started surfacing earlier this week. Administrators have noted that the crash occurs when the firewall blocks malicious DNS traffic, particularly through the “Advanced DNS Security” feature in Palo Alto products. The severity of the flaw is classified as “high,” with a CVSS score of 8.7 for firewalls and 7.1 for Prisma Access security service edge devices.

Security expert Kevin Beaumont highlighted that attackers can exploit the vulnerability to crash vulnerable devices, emphasizing the importance of applying patches promptly to prevent further disruption. Palo Alto firewall administrators have shared their experiences of unexpected behavior, such as high-availability failovers and reboots, prior to identifying the source of the problem as this particular vulnerability.

Palo Alto Networks has stated that DNS Security logging must be enabled for a firewall to be affected by this issue. The logging is part of the “Advanced DNS Security” feature, which requires an active license for full functionality. However, it appears that having a license does not mitigate the vulnerability, leaving all users susceptible unless patched or a workaround is applied.

To address the flaw, Palo Alto has released PAN-OS updates for various versions, including 10.1.x, 10.2.x, and 11.1.x. The company also outlined temporary mitigations that companies can implement until the patch is applied. These measures vary depending on whether Prisma Access customers use Panorama or Strata Cloud Manager firewall management tools.

In response to the incident, Palo Alto Networks has reassured its customers that a fix will be provided promptly, with upgrades scheduled for impacted systems in the coming weeks. The company is committed to maintaining the security and integrity of its products to prevent further exploitation of vulnerabilities.

This particular vulnerability in Palo Alto’s software has similarities to a recent zero-day vulnerability discovered in FortiOS software used in Fortinet devices. Security expert Kevin Beaumont noted that both vulnerabilities pose significant risks, and updating to the latest versions of the operating systems is crucial to mitigating these threats.

Overall, the exploitation of vulnerabilities in firewall software underscores the ongoing challenges faced by organizations in securing their networks against cyber threats. As attackers continue to target edge devices, vigilance and timely patching are essential to protect against potential disruptions and data breaches.
