A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode. Palo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected. This issue only affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series running these specific versions of PAN-OS: * 10.2.7-h12 * 10.2.8-h10 * 10.2.9-h9 * 10.2.9-h11 * 10.2.10-h2 * 10.2.10-h3 * 10.2.11 * 10.2.11-h1 * 10.2.11-h2 * 10.2.11-h3 * 11.1.2-h9 * 11.1.2-h12 * 11.1.3-h2 * 11.1.3-h4 * 11.1.3-h6 * 11.2.2 * 11.2.2-h1
History

Thu, 14 Nov 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 14 Nov 2024 09:45:00 +0000

Type Values Removed Values Added
Description A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode. Palo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected. This issue only affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series running these specific versions of PAN-OS: * 10.2.7-h12 * 10.2.8-h10 * 10.2.9-h9 * 10.2.9-h11 * 10.2.10-h2 * 10.2.10-h3 * 10.2.11 * 10.2.11-h1 * 10.2.11-h2 * 10.2.11-h3 * 11.1.2-h9 * 11.1.2-h12 * 11.1.3-h2 * 11.1.3-h4 * 11.1.3-h6 * 11.2.2 * 11.2.2-h1
Title PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Traffic
First Time appeared Paloaltonetworks
Paloaltonetworks pan-os
Weaknesses CWE-476
CPEs cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h4:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h5:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h6:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.2:-:*:*:*:*:*:*
Vendors & Products Paloaltonetworks
Paloaltonetworks pan-os
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber'}


cve-icon MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2024-11-14T09:34:22.665Z

Updated: 2024-11-14T14:10:30.404Z

Reserved: 2024-10-03T11:35:18.693Z

Link: CVE-2024-9472

cve-icon Vulnrichment

Updated: 2024-11-14T14:10:16.846Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-14T10:15:09.423

Modified: 2024-11-15T13:58:08.913

Link: CVE-2024-9472

cve-icon Redhat

No data.