vulnerability

Palo Alto Networks PAN-OS: CVE-2024-3393: PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Dec 27, 2024	Jan 7, 2025	Jul 2, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Dec 27, 2024

Added

Jan 7, 2025

Modified

Jul 2, 2025

Description

A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

This issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, CN-Series firewalls, and Prisma Access.

Solution

palo-alto-networks-pan-os-upgrade-latest

References

CWE-754
CVE-2024-3393
https://attackerkb.com/topics/CVE-2024-3393
URL-https://security.paloaltonetworks.com/CVE-2024-3393

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today