CVE-2024-3384
CVE-2024-3384 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. EPSS estimates a 0.89% chance of exploitation in the next 30 days.
Description
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Palo Alto Networks | PAN-OS | >= 8.1.0, < 8.1.24 |
| Palo Alto Networks | PAN-OS | >= 9.0.0, < 9.0.17 |
| Palo Alto Networks | PAN-OS | >= 9.1.0, < 9.1.15 |
| Palo Alto Networks | PAN-OS | >= 10.0.0, < 10.0.12 |
| Palo Alto Networks | PAN-OS | 9.1.15 |
References
- https://security.paloaltonetworks.com/CVE-2024-3384 (Vendor Advisory)
Timeline
- Status: Analyzed
Source: NVD / NIST
