
Emerging Threat: Palo Alto PAN-OS CVE-2024-3393 

By Emma Zaballos
Product Marketing Manager
December 31, 2024

What is CVE-2024-3393? 

CVE-2024-3393 is a high-severity (CVSS v4.0 score 8.7) Denial of Service (DoS) vulnerability affecting the DNS Security feature in specific versions of Palo Alto Networks PAN-OS.

This vulnerability allows unauthenticated attackers to send malicious packets through the data plane of the firewall. This forces the firewall to reboot. Repeated attempts can force the firewall into maintenance mode, requiring security teams to manually reset the firewall and significantly disrupting operations. 

What assets are affected by CVE-2024-3393? 

Both of the following must be true for PAN-OS software to be affected:

  • DNS Security License (standard or advanced) must be applied.
  • DNS Security Logging must be enabled.

These configurations are internal settings and cannot be identified via external scanning. Organizations with PAN-OS versions within the affected range should consider these assets potentially vulnerable until internal settings are verified.

The following assets are potentially affected by CVE-2024-3393: 

  • PAN-OS 11.2 < 11.2.3
  • PAN-OS 11.1 < 11.1.5
  • PAN-OS 10.2 >= 10.2.8, < 10.2.14
  • PAN-OS 10.1 >= 10.1.14, < 10.1.15
  • Prisma Access >= 10.2.8 on PAN-OS, < 11.2.3 on PAN-OS

The following assets are not affected by CVE-2024-3393: 

  • PAN-OS 11.2 >= 11.2.3
  • PAN-OS 11.1 >= 11.1.5
  • PAN-OS 10.2 < 10.2.8 or >= 10.2.14
  • PAN-OS 10.1 < 10.1.14 or >= 10.1.15
  • Prisma Access < 10.2.8 on PAN-OS or >= 11.2.3 on PAN-OS
  • PAN-OS 9.1 (all versions)
  • Cloud NGFW (all versions)

Are fixes available? 

Upgrading to PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions resolves this issue. Note that PAN-OS 11.0 is End of Life (EOL) and will not be updated. 

Palo Alto Networks also announced additional releases for commonly deployed maintenance versions. 

Additional PAN-OS 11.1 releases with the fix:

  • 11.1.2-h16 (available)
  • 11.1.3-h13 (available)
  • 11.1.4-h7 (available)
  • 11.1.5 (available)

Additional PAN-OS 10.2 releases with the fix:

  • 10.2.8-h19 (ETA: Dec 31)
  • 10.2.9-h19 (available)
  • 10.2.10-h12 (available)
  • 10.2.11-h10 (ETA: Dec 31)
  • 10.2.12-h4 (ETA: Dec 31)
  • 10.2.13-h2 (ETA: Dec 31)
  • 10.2.14 (ETA: end of Jan)

Additional PAN-OS 10.1 releases with the fix:

  • 10.1.14-h8 (available)
  • 10.1.15 (ETA: end of Jan)

Additional PAN-OS releases with the fix only applicable to Prisma Access:

  • 10.2.9-h19 (available)
  • 10.2.10-h12 (available)

Are there any other recommended actions to take? 

If affected firewalls stop responding or reboot unexpectedly, Palo Alto Networks has provided several workarounds, including specific workarounds for Prisma Access customers using DNS Security. 

Is CVE-2024-3393 being actively exploited? 

Palo Alto Networks has confirmed active exploitation, though no public proof-of-concept (PoC) tools currently exist. 

What types of organizations are at risk from CVE-2024-3393? 

Because Palo Alto Networks products are incredibly common across enterprises globally, this vulnerability potentially affects a significant number of organizations. We’ve previously reported that over 50% of CyCognito customers use at least one externally exposed Palo Alto Networks product, and the larger the organization is, the more vulnerable devices it has. 

This vulnerability’s resistance to external scanning and testing intensifies the challenge of diagnosing and fixing affected devices, as security teams must verify the internal setting of all networks with an associated device individually. For large enterprises like Fortune 100 companies, that can mean checking the settings on up to 150 different networks across dozens of brands and subsidiaries.    

How is CyCognito helping customers identify assets vulnerable to CVE-2024-3393? 

Because the vulnerable configurations are entirely internal, external scanning or testing cannot verify if potentially affected assets are actually exploitable. To accelerate remediation efforts, CyCognito has shared lists of potentially affected assets running PAN-OS with affected customers alongside a notification in-platform.

Figure 1: The alert sent by CyCognito for CVE-2024-3393

How can CyCognito help your organization? 

CyCognito is an exposure management platform that reduces risk by discovering, testing and prioritizing security issues. The platform scans billions of websites, cloud applications and APIs and uses advanced AI to identify the most critical risks and guide remediation. Emerging companies, government agencies and Fortune 500 organizations rely on CyCognito to secure and protect from growing threats. Want to see how it works? Check out our website and explore our platform with a self-guided, interactive dashboard product tour. To learn how CyCognito can help you understand your external attack surface and exposed risks, please visit our Contact Us page to schedule a demo.

