do son@Cybersecurity News - 66d
A critical denial-of-service (DoS) vulnerability, identified as CVE-2024-3393, has been discovered in Palo Alto Networks PAN-OS software and Prisma Access firewalls. The flaw, which has a high severity rating of 8.7, allows unauthenticated attackers to send malicious DNS packets through the firewall's data plane. This action can cause the firewall to reboot and, after repeated attempts, enter maintenance mode, significantly disrupting network operations. Palo Alto Networks is aware of customers experiencing this issue and has confirmed that the vulnerability is being actively exploited.
The vulnerability affects multiple PAN-OS versions, specifically those earlier than 11.2.3, 11.1.5, 10.2.10-h12, 10.2.13-h2, and 10.1.14-h8. Palo Alto Networks has released patches for this flaw in PAN-OS versions 10.1.14-h8, 10.2.10-h12, 11.1.5, 11.2.3, and later, with Prisma Access upgrades scheduled for January 3rd and 10th. As a temporary mitigation while they apply the patches, organizations can disable DNS Security logging in Anti-Spyware profiles and set the "Log Severity" to "none". PAN-OS version 11.0 has reached its end of life and will not receive a patch.
References:
- Cyber Security News: Critical DoS Vulnerability Found in Palo Alto Networks PAN-OS (CVE-2024-3393)
- : Merry fucking Christmas from Palo Alto Networks (Zero-Day) : (CVSSv4: 8.7 high) A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall.
- fthy: CVE-2024-3393 PaloAlto Firewall A DoS vul in the DNS Security feature of PanOS allows an unauth attacker to send a malicious packet through the data plane of the firewall that reboots the firewall.
- osint10x.com: Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately
- securityonline.info: CVE-2024-3393: PAN-OS Vulnerability Now Exploited in the Wild
- securityaffairs.com: Palo Alto Networks fixed a high-severity PAN-OS flaw
- The Hacker News: Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately
- ciso2ciso.com: Palo Alto Networks fixed a high-severity PAN-OS flaw – Source: securityaffairs.com
- cyberpress.org: Critical DoS Vulnerability Found in Palo Alto Networks PAN-OS (CVE-2024-3393)
- Osint10x: Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately
- gbhackers.com: Palo Alto Networks Vulnerability Puts Firewalls at Risk of DoS Attacks
- socradar.io: Severe Vulnerability in Palo Alto Networks PAN-OS Exposes Firewalls to Denial of Service (CVE-2024-3393)
- ciso2ciso.com: Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately
- www.bleepingcomputer.com: Palo Alto Networks is warning that hackers are exploiting the CVE-2024-3393 denial of service vulnerability to disable firewall protections by forcing it to reboot.
- BleepingComputer: Palo Alto Networks is warning that hackers are exploiting the CVE-2024-3393 denial of service vulnerability to disable firewall protections by forcing it to reboot.
- cR0w :cascadia:: Palo Alto updated their advisory, the DoS issue occurs on the Advanced Security DNS license too, not just DNS Security license
- Kevin Beaumont: Palo Alto updated their advisory, the DoS issue occurs on the Advanced Security DNS license too, not just DNS Security license
- security.paloaltonetworks.com: Palo Alto Networks published that describes an improper check for unusual or exceptional conditions vulnerability in multiple Palo Alto Networks products.
- fortiguard.fortinet.com: PAN-OS Firewall Denial of Service (DoS) Vulnerability
- securityonline.info: SecurityOnline: CISA Warns of Actively Exploited Palo Alto Firewall Flaw (CVE-2024-3393)
- securityonline.info: CISA Warns of Actively Exploited Palo Alto Firewall Flaw (CVE-2024-3393)
- gbhackers.com: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert on a critical vulnerability in Palo Alto Networks PAN-OS. Tracked as CVE-2024-3393, this flaw has been observed in active exploitation, putting systems at risk of remote disruption.
- gbhackers.com: CISA Warns of Palo Alto Networks PAN-OS Vulnerability Exploited in Wild
- thecyberexpress.com: The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog by adding a newly discovered vulnerability in Palo Alto Networks' PAN-OS versions.
- cyble.com: Critical PAN-OS Vulnerability Added to CISA’s Exploited List: What You Need to Know
Classification:
- HashTags: #PaloAlto #DoS #Vulnerability
- Company: Palo Alto Networks
- Target: PAN-OS Users
- Product: PAN-OS
- Feature: DNS Security
- Type: Vulnerability
- Severity: Major
@The GreyNoise Blog - 16d
Active exploitation of a high-severity authentication bypass vulnerability, CVE-2025-0108, affecting Palo Alto Networks PAN-OS is being observed. GreyNoise has confirmed live attacks on PAN-OS firewalls. This flaw allows unauthenticated attackers to access the management web interface and execute specific PHP scripts, potentially leading to unauthorized access. Organizations relying on PAN-OS firewalls should assume that unpatched devices are being targeted.
To mitigate this threat, defenders should apply security patches for PAN-OS as soon as possible and restrict access to firewall management interfaces, ensuring they are not publicly exposed. It is recommended to monitor active exploitation trends and leverage real-time threat intelligence to stay ahead of exploitation attempts. Researchers have noted that the vulnerability is trivial to exploit, increasing the potential for widespread abuse.
References:
- The GreyNoise Blog: GreyNoise Observes Active Exploitation of PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108)
- GreyNoise: 🚨 CVE-2025-0108 is being actively exploited! 🚨 GreyNoise sees live attacks on PAN-OS firewalls.
- Blog: New Palo Alto vulnerability with active exploit attempts discovered
- veriti.ai: CVE-2025-0108: Active Exploits Targeting Palo Alto PAN-OS – What You Need to Know
- securityaffairs.com: Threat actors are exploiting a recently disclosed vulnerability, tracked as CVE-2025-0108, in Palo Alto Networks PAN-OS firewalls.
- Glenn ?: & - it took no time for the POC of CVE-2025-0108 (PAN-OS Authentication Bypass) to start being fired off across the internet. We're back-processing some data now to pick up some prior exploitation as well.
- socradar.io: Palo Alto Firewall Vulnerability (CVE-2025-0108) Under Attack – Are You at Risk?
- VERITI: CVE-2025-0108: Active Exploits Targeting Palo Alto PAN-OS – What You Need to Know
- securityadvisories.paloaltonetworks.com: Authentication Bypass in PAN-OS Management Web Interface Allows Unauthorized Access
- BleepingComputer: Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a recently fixed vulnerability (CVE-2025-0108) that allows bypassing authentication.
- The Hacker News: CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List
- www.csoonline.com: Hackers gain root access to Palo Alto firewalls through chained bugs
- securityaffairs.com: U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog
- securebulletin.com: Critical Palo Alto Firewall flaw under active attack: Patch NOW!
- aboutdfir.com: Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks.
- Secure Bulletin: Critical Palo Alto Firewall flaw under active attack: Patch NOW!
- techcrunch.com: Palo Alto Networks warns that hackers are exploiting another vulnerability in its firewall software to break into unpatched customer networks
Classification:
- HashTags: #vulnerability #PAN-OS #activeexploitation
- Company: Palo Alto Networks
- Target: PAN-OS users
- Product: PAN-OS
- Feature: Authentication Bypass
- Malware: CVE-2025-0108
- Type: Vulnerability
- Severity: Critical
info@thehackernews.com (The Hacker News)@The Hacker News - 66d
References:
- Cyber Security News: New ‘OtterCookie’ Malware Targets Developers with Fake Job Offers
- securityonline.info: “OtterCookie” Malware Nibbles at Developers in “Contagious Interview” Campaign
- The Hacker News: North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign
- www.scworld.com: Novel OtterCookie malware added to Contagious Interview attack arsenal
- gbhackers.com: New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers
- ciso2ciso.com: North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign – Source:thehackernews.com
- securityaffairs.com: North Korea actors use OtterCookie malware in Contagious Interview campaign
- : North Korea actors use OtterCookie malware in Contagious Interview campaign - Source: securityaffairs.com
- ciso2ciso.com: North Korea actors use OtterCookie malware in Contagious Interview campaign – Source: securityaffairs.com
- www.bleepingcomputer.com: New 'OtterCookie' malware used to backdoor devs in fake job offers
- Hacker News: New 'OtterCookie' malware used to backdoor devs in fake job offers