CVE-2024-3384

A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
palo_altoCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
paloaltonetworkspan-os
8.1.0 ≤
𝑥
< 8.1.24
paloaltonetworkspan-os
9.0.0 ≤
𝑥
< 9.0.17
paloaltonetworkspan-os
9.1.0 ≤
𝑥
< 9.1.15
paloaltonetworkspan-os
10.0.0 ≤
𝑥
< 10.0.12
paloaltonetworkspan-os
9.1.15
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.paloaltonetworks.com/CVE-2024-3384
https://security.paloaltonetworks.com/CVE-2024-3384