Remote NTLM Attack Reboots PAN-OS Firewall (CVE-2024-3384)
CVE-2024-3384 Published on April 10, 2024
PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.
Vulnerability Analysis
CVE-2024-3384 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Timeline
Initial publication
Weakness Type
Improper Validation of Syntactic Correctness of Input
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
Products Associated with CVE-2024-3384
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-3384 are published in Palo Alto Networks PAN-OS:
Affected Versions
Palo Alto Networks PAN-OS:- Version 8.1.0 and below 8.1.24 is affected.
- Version 9.0.0 and below 9.0.17 is affected.
- Version 9.1.0 and below 9.1.15-h1 is affected.
- Version 10.0.0 and below 10.0.12 is affected.
- Version 10.1.0 is unaffected.
- Version 10.2.0 is unaffected.
- Version 11.0.0 is unaffected.
- Version 11.1.0 is unaffected.
- Version All is unaffected.
- Version All is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.