Palo Alto Networks PAN-OS Software Under Denial of Service Attack via Null Pointer Dereference
CVE-2024-9472

Currently unrated

Key Information:

Vendor
CVE Published: 14 November 2024

Summary

A vulnerability exists in Palo Alto Networks PAN-OS software that affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms. When the Decryption policy is enabled, a null pointer dereference could be exploited by unauthenticated attackers to crash the PAN-OS system. This flaw results in a denial of service condition, which may cause the system to enter maintenance mode after repeated attempts to exploit the vulnerability. Notably, the VM-Series, Cloud NGFW, and Prisma Access products are not impacted by this issue.

The affected versions of PAN-OS are as follows: 10.2.7-h12, 10.2.8-h10, 10.2.9-h9, 10.2.9-h11, 10.2.10-h2, 10.2.10-h3, 10.2.11, 10.2.11-h1, 10.2.11-h2, 10.2.11-h3, 11.1.2-h9, 11.1.2-h12, 11.1.3-h2, 11.1.3-h4, 11.1.3-h6, 11.2.2, and 11.2.2-h1.

Affected Version(s)

PAN-OS 11.2.2 < 11.2.2-h3

PAN-OS 11.1.2-h9 < 11.1.2-h14

PAN-OS 10.2.7-h12 < 10.2.7-h16

Timeline

  • Vulnerability published

  • Vulnerability Reserved
