Unrated severityCISA KEVNVD Advisory· Published Dec 27, 2024· Updated Oct 21, 2025

PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet

CVE-2024-3393

Description

A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

Affected products

Palo Alto Networks/Cloud NGFWv5
Range: All
Paloaltonetworks/Pan Osv52 versions
cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h2:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h2:*:*:*:*:*:*range: 11.2.0
- (no CPE)range: 11.2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.paloaltonetworks.com/CVE-2024-3393mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.064
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000