KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

8.7

CVSS
High

CVE-2024-3393

PUBLISHED

PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet

Exploited in the wild PoC available Remote Low complexity No user interaction

Vendor: Palo Alto Networks
Product: Cloud NGFW, PAN-OS
Published: Dec 27, 2024
EPSS: —

Description

A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

cisa edge nessus_scanner

CVSS scores

CVSS v4.0 8.7 High

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:N/R:U/V:C/RE:M/U:Amber

Exploitation status

Exploited in the wild

Recorded 2024-12-30 00:00:00 UTC · Source

Proof of concept available

Recorded 2025-01-04 08:18:06 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: partial

References

https://security.paloaltonetworks.com/CVE-2024-3393

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Dec 30, 2024

Scanner integrations

Scanner	Reference	Detected
Nessus	https://www.tenable.com/plugins/nessus/213409	Jun 02, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

FelixFoxf/-CVE-2024-3393

github · Created 2025-01-04 08:18:06 UTC · 5 stars

CVE-2024-3393 EXPLOIT

Timeline

CVE ID Reserved

April 05, 2024
CVE Published to Public

December 27, 2024
Added to KEVIntel

December 30, 2024
Proof of Concept Exploit Available

January 04, 2025
Detected by Nessus

June 02, 2025