A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.
Palo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected.
This issue only affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series running these specific versions of PAN-OS:
* 10.2.7-h12
* 10.2.8-h10
* 10.2.9-h9
* 10.2.9-h11
* 10.2.10-h2
* 10.2.10-h3
* 10.2.11
* 10.2.11-h1
* 10.2.11-h2
* 10.2.11-h3
* 11.1.2-h9
* 11.1.2-h12
* 11.1.3-h2
* 11.1.3-h4
* 11.1.3-h6
* 11.2.2
* 11.2.2-h1
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://security.paloaltonetworks.com/CVE-2024-9472 |
History
Thu, 14 Nov 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 14 Nov 2024 09:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode. Palo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected. This issue only affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series running these specific versions of PAN-OS: * 10.2.7-h12 * 10.2.8-h10 * 10.2.9-h9 * 10.2.9-h11 * 10.2.10-h2 * 10.2.10-h3 * 10.2.11 * 10.2.11-h1 * 10.2.11-h2 * 10.2.11-h3 * 11.1.2-h9 * 11.1.2-h12 * 11.1.3-h2 * 11.1.3-h4 * 11.1.3-h6 * 11.2.2 * 11.2.2-h1 | |
Title | PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Traffic | |
First Time appeared |
Paloaltonetworks
Paloaltonetworks pan-os |
|
Weaknesses | CWE-476 | |
CPEs | cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:-:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h1:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h2:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h3:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h4:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h5:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h6:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:-:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h1:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h2:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h3:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h1:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h2:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h3:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:-:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h1:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.1:-:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:-:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:-:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h1:*:*:*:*:*:* cpe:2.3:o:paloaltonetworks:pan-os:11.2:-:*:*:*:*:*:* |
|
Vendors & Products |
Paloaltonetworks
Paloaltonetworks pan-os |
|
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: palo_alto
Published: 2024-11-14T09:34:22.665Z
Updated: 2024-11-14T14:10:30.404Z
Reserved: 2024-10-03T11:35:18.693Z
Link: CVE-2024-9472
Vulnrichment
Updated: 2024-11-14T14:10:16.846Z
NVD
Status : Awaiting Analysis
Published: 2024-11-14T10:15:09.423
Modified: 2024-11-15T13:58:08.913
Link: CVE-2024-9472
Redhat
No data.