CVE-2024-3384

EUVD-2024-31973
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
palo_altoCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
Affected Products (NVD)
VendorProductVersion
paloaltonetworkspan-os
8.1.0 ≤
𝑥
< 8.1.24
paloaltonetworkspan-os
9.0.0 ≤
𝑥
< 9.0.17
paloaltonetworkspan-os
9.1.0 ≤
𝑥
< 9.1.15
paloaltonetworkspan-os
10.0.0 ≤
𝑥
< 10.0.12
paloaltonetworkspan-os
9.1.15
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.paloaltonetworks.com/CVE-2024-3384
https://security.paloaltonetworks.com/CVE-2024-3384