Palo Alto Networks Patches Vulnerabilities Allowing Firewall Disruption (www.securityweek.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 11 Apr 2024 13:45
https://sh.itjust.works/post/17665703

  1. CVE-2024-3385: High-severity vulnerability that allows a remote and unauthenticated attacker to reboot hardware-based firewalls by sending specially crafted packets. If repeated, the attacks can force the firewall into maintenance mode, requiring manual intervention for reactivation. It only affects PA-5400 and PA-7000 firewalls when GTP security is disabled.

  2. CVE-2024-3384: Another high-severity DoS vulnerability in firewalls that can be exploited remotely without authentication. It uses specially crafted NTLM packets to reboot firewalls running PAN-OS, which can also lead to maintenance mode with the need for manual intervention.

  3. CVE-2024-3382: DoS vulnerability with a higher attack complexity that allows an attacker to send a series of malicious packets through the firewall, interrupting traffic processing. Only devices with the SSL Forward Proxy feature enabled are affected.

  4. CVE-2024-3383: High-severity vulnerability in PAN-OS related to the processing of data received from Cloud Identity Engine (CIE) agents. It can be exploited to modify User-ID groups, impacting user access to network resources, where access may be inappropriately denied or granted based on existing security policy rules.

In addition to these four high-severity vulnerabilities, Palo Alto Networks has fixed medium-severity issues related to decryption exclusions, user impersonation, and third-party open-source components. In the Panorama Software, a medium-severity issue was fixed that could be leveraged to conduct Man-in-the-Middle (MitM) attacks and capture encrypted traffic.

Palo Alto Networks has reported that it is not aware of any malicious exploitation of these vulnerabilities.

#cybersecurity