CVE-2024-3384 PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.
Versions | Affected | Unaffected |
---|---|---|
Cloud NGFW | None | All |
PAN-OS 11.1 | None | All |
PAN-OS 11.0 | None | All |
PAN-OS 10.2 | None | All |
PAN-OS 10.1 | None | All |
PAN-OS 10.0 | < 10.0.12 | >= 10.0.12 |
PAN-OS 9.1 | < 9.1.15-h4 | >= 9.1.15-h4 |
PAN-OS 9.0 | < 9.0.17 | >= 9.0.17 |
PAN-OS 8.1 | < 8.1.24 | >= 8.1.24 |
Prisma Access | None | All |
This issue affects only PAN-OS configurations with NTLM authentication enabled. You should verify whether NTLM authentication is enabled by checking your firewall web interface (Device > User Identification > User Mapping > Palo Alto Networks User-ID Agent Setup > NTLM).
CVSSv4.0 Base Score: 8.2 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber)
Palo Alto Networks is not aware of any malicious exploitation of this issue.
CWE-1286 Improper Validation of Syntactic Correctness of Input
This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15-h4, PAN-OS 10.0.12, and all later PAN-OS versions.