CVE-2024-3382

Published Apr 10, 2024

Last updated a month ago

CVSS high 7.5

Overview

Description: A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.
Source: psirt@paloaltonetworks.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

Weaknesses

psirt@paloaltonetworks.com: CWE-770
nvd@nist.gov: CWE-401

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "243077CD-5021-4DF3-8AC7-5B14F7FD9710",
            "versionEndExcluding": "10.2.7",
            "versionStartIncluding": "10.2.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60048B56-C9E4-4492-9F4F-485AC3690FA6",
            "versionEndExcluding": "11.0.4",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21CFD38A-7AED-4CEE-BDA9-77D815689C58",
            "versionEndExcluding": "11.1.2",
            "versionStartIncluding": "11.1.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8C42D98-CF8F-456B-9D57-80BBDC2C8E74"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3AAD4BA-22DD-43D3-91F1-8A6F5FBBF029"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-5410:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C702B085-D739-4E06-805F-D01144279071"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-5420:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "29237799-7DF5-478C-AE36-EC8E8416EAB7"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-5430:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CEB69E29-2974-4963-96D6-E0C08D7777F4"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-5440:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1F7914EA-FEA6-4911-9A47-4F516BEE6663"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-5445:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "37BC54A5-071C-4F62-87EB-2314CA019B08"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References