Palo Alto Networks PAN-OS 10.1.x < 10.1.14 / 10.2.x < 10.2.4-h6 / 11.0.x < 11.0.5 DoS

high Nessus Plugin ID 211468

Synopsis

The remote PAN-OS host is affected by a denial of service vulnerability.

Description

The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.14, 10.2.x prior to 10.2.4-h6, or 11.0.x prior to 11.0.5. It is, therefore, affected by a denial of service (DoS) vulnerability.

- A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
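The same kind of version-only check can be run over a firewall inventory export. The following is an added example, not the plugin's own code: the host names and sample versions are constructed, the fixed releases are the ones listed on this page, and it assumes a `-hN` hotfix sorts numerically after its base maintenance release.

```python
import re

# Fixed release per branch, from this page: (major, minor) -> (maintenance, hotfix)
FIXED = {(10, 1): (14, 0), (10, 2): (4, 6), (11, 0): (5, 0)}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos(version):
    """Return (major, minor, maintenance, hotfix); raise ValueError if malformed."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def is_affected(version):
    """True/False for branches listed on this page, None for any other branch."""
    major, minor, maint, hotfix = parse_panos(version)
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return None
    return (maint, hotfix) < fixed


def triage(inventory):
    """Map each host to 'affected', 'fixed', 'not-covered' or 'unparsed'."""
    labels = {True: "affected", False: "fixed", None: "not-covered"}
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = labels[is_affected(version)]
        except ValueError:
            # Do not guess: an unreadable version needs a manual look.
            result[host] = "unparsed"
    return result


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE = {
    "fw-a": "10.1.13-h1", "fw-b": "10.1.14", "fw-c": "10.2.4-h5",
    "fw-d": "10.2.4-h6", "fw-e": "10.2.5", "fw-f": "11.0.4-h2",
    "fw-g": "11.1.2", "fw-h": "10.2.x",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host:6} {SAMPLE[host]:12} {verdict}")
```

Like the plugin, this trusts the self-reported version string, so a "fixed" verdict is only as reliable as the inventory data behind it.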

Solution

Upgrade to PAN-OS 10.1.14 / 10.2.4-h6 / 10.2.5 / 11.0.5 or later.

See Also

https://security.paloaltonetworks.com/CVE-2024-2551

Plugin Details

Severity: High

ID: 211468

File Name: palo_alto_CVE-2024-2551.nasl

Version: 1.1

Type: combined

Published: 11/15/2024

Updated: 11/15/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2024-2551

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4

Risk Factor: High

Base Score: 8.7

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/o:paloaltonetworks:pan-os

Required KB Items: Host/Palo_Alto/Firewall/Version, Host/Palo_Alto/Firewall/Full_Version, Host/Palo_Alto/Firewall/Source

Patch Publication Date: 6/22/2024

Vulnerability Publication Date: 11/13/2024

Reference Information

CVE: CVE-2024-2551

IAVA: 2024-A-0750