CVE-2024-3385

Published Apr 10, 2024

Last updated a month ago

CVSS high 7.5

Overview

Description: A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: - PA-5400 Series firewalls - PA-7000 Series firewalls
Source: psirt@paloaltonetworks.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

Weaknesses

psirt@paloaltonetworks.com: CWE-20
nvd@nist.gov: CWE-476

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E954D7B2-125D-4246-BEC8-4A5E0DFEC580",
            "versionEndIncluding": "9.0.16",
            "versionStartIncluding": "9.0.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F9FFBA6-7008-422B-9CF1-E37CA62081EB",
            "versionEndExcluding": "9.1.17",
            "versionStartIncluding": "9.1.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC18B586-8FE2-4362-9F60-490FCB52569F",
            "versionEndExcluding": "10.1.12",
            "versionStartIncluding": "10.1.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C430BDF9-C688-47F9-BE38-D75460AE5B17",
            "versionEndExcluding": "10.2.8",
            "versionStartIncluding": "10.2.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6B9B8A6-A4A7-4C14-9D22-50FEF531F15D",
            "versionEndExcluding": "11.0.3",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDAE9753-EF8D-4B15-A73C-0EF56FE6C78C"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A142EE1-E516-4582-9A7E-6E4C74FB3991"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-5410:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C702B085-D739-4E06-805F-D01144279071"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-5420:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "29237799-7DF5-478C-AE36-EC8E8416EAB7"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-5430:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CEB69E29-2974-4963-96D6-E0C08D7777F4"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-5440:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1F7914EA-FEA6-4911-9A47-4F516BEE6663"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-5445:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "37BC54A5-071C-4F62-87EB-2314CA019B08"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-7050:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1536A4E4-D769-45C8-B85C-4A1A4F4AAEC0"
          },
          {
            "criteria": "cpe:2.3:h:paloaltonetworks:pa-7080:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "01AEF722-2554-4B30-8821-84B20F3BA8CC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References