Unathorized Access to GlobalProtect Service through Null Pointer Dereference Vulnerability
CVE-2024-2550
Currently unrated 🤨
Key Information
- Vendor
- Palo Alto Networks
- Status
- Cloud Ngfw
- Pan-os
- Prisma Access
- Vendor
- CVE Published:
- 14 November 2024
Badges
👾 Exploit Exists
Summary
A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.
Affected Version(s)
Cloud NGFW >= All
PAN-OS >= 11.2.0
PAN-OS < 11.1.5
Refferences
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
Michael Baker from AC3