PAN-OS Memory Leak on PA-5400 via SSL Forward Proxy
CVE-2024-3382 Published on April 10, 2024
PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets
A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.
Vulnerability Analysis
CVE-2024-3382 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Timeline
Initial publication
Weakness Type
Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Products Associated with CVE-2024-3382
Want to know whenever a new CVE is published for Palo Alto Networks PAN-OS? stack.watch will email you.
Affected Versions
Palo Alto Networks PAN-OS:- Version 9.0.0 is unaffected.
- Version 9.1.0 is unaffected.
- Version 10.1.0 is unaffected.
- Version 10.2.0 and below 10.2.7-h3 is affected.
- Version 11.0.0 and below 11.0.4 is affected.
- Version 11.1.0 and below 11.1.2 is affected.
- Version All is unaffected.
- Version All is unaffected.
- Version 9.0.0 is unaffected.
- Version 9.1.0 is unaffected.
- Version 10.1.0 is unaffected.
- Version 10.2.0 and below 10.2.7-h3 is affected.
- Version 11.0.0 and below 11.0.4 is affected.
- Version 11.1.0 and below 11.1.2 is affected.
- Before * is unaffected.
- Before * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.