Severity
High
Analysis Summary
CVE-2024-2550 CVSS:7.5
A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.
CVE-2024-2551 CVSS:7.5
A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.
CVE-2024-9472 CVSS:7.5
Palo Alto Networks PAN-OS is vulnerable to a denial of service, caused by NULL pointer dereference flaw. By sending a specially crafted network traffic, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Impact
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-2550
- CVE-2024-2551
- CVE-2024-9472
Affected Vendors
Affected Products
- Palo Alto Networks PAN-OS - 11.0
- Palo Alto Networks PAN-OS - 10.2.0
- Palo Alto Networks PAN-OS - 11.1.0
- Palo Alto Networks PAN-OS - 11.2.0
Remediation
Refer to Palo Alto Security Advisory for patch, upgrade, or suggested workaround information.