NULL Pointer Dereference (CWE-476)
A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.
This vulnerability allows an unauthenticated attacker to cause a denial of service (DoS) condition on the affected Palo Alto Networks firewall. The attacker can stop the GlobalProtect service, which is a critical component of the firewall's VPN functionality. More severely, repeated exploitation attempts can force the entire firewall into maintenance mode, potentially disrupting all network traffic and security services provided by the device. This could lead to significant downtime and loss of network protection for organizations relying on these firewalls.
There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.
The information currently available does not mention a patch. The security team should closely monitor Palo Alto Networks' security advisories for upcoming patches or updates to address this vulnerability.
While waiting for an official patch, the following mitigation strategies are recommended:
1. Implement strict network access controls to limit who can reach the GlobalProtect gateway.
2. Use intrusion detection and prevention systems (IDS/IPS) to detect and block specially crafted packets that could exploit this vulnerability.
3. Monitor firewall logs for signs of exploitation attempts or unexpected entries into maintenance mode.
4. Have a robust backup and failover system in place to minimize downtime if a firewall is forced into maintenance mode.
5. Consider temporarily disabling the GlobalProtect service if it's not critical to operations, weighing the risk against the need for VPN functionality.
6. Ensure that you have the latest version of PAN-OS installed, as newer versions might have improved resilience against such attacks.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber
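The vector above can be decoded mechanically for triage. The following Python is an added example, not part of the original advisory or any vendor tooling; the names parse_vector and triage_flags and the flag names are assumptions, and the allowed metric values follow the CVSS v4.0 specification.

```python
# Added example: decode the CVSS v4.0 vector quoted on this page for triage.
VECTOR = ("CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/"
          "E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/"
          "MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber")

# Allowed values of the eleven mandatory base metrics (CVSS v4.0 specification).
BASE = {"AV": "NALP", "AC": "LH", "AT": "NP", "PR": "NLH", "UI": "NPA",
        "VC": "HLN", "VI": "HLN", "VA": "HLN", "SC": "HLN", "SI": "HLN", "SA": "HLN"}
# Optional metrics: threat/environmental and supplemental; X means Not Defined.
THREAT_ENV = set("E CR IR AR MAV MAC MAT MPR MUI MVC MVI MVA MSC MSI MSA".split())
SUPPLEMENTAL = {"S", "AU", "R", "V", "RE", "U"}


def parse_vector(vector):
    """Return {'base', 'threat_env', 'supplemental'} dicts; X values are dropped."""
    prefix, *parts = vector.strip().split("/")
    if prefix != "CVSS:4.0":
        raise ValueError(f"not a CVSS v4.0 vector: {prefix!r}")
    groups = {"base": {}, "threat_env": {}, "supplemental": {}}
    seen = set()
    for part in parts:
        name, _, value = part.partition(":")
        if not value or name in seen:
            raise ValueError(f"malformed or repeated metric: {part!r}")
        seen.add(name)
        if name in BASE:
            if len(value) != 1 or value not in BASE[name]:
                raise ValueError(f"invalid base metric value: {part!r}")
            groups["base"][name] = value
        elif name in THREAT_ENV or name in SUPPLEMENTAL:
            if value != "X":
                group = "supplemental" if name in SUPPLEMENTAL else "threat_env"
                groups[group][name] = value
        else:
            raise ValueError(f"unknown metric: {name!r}")
    if set(BASE) - set(groups["base"]):
        raise ValueError("missing mandatory base metrics")
    return groups


def triage_flags(groups):
    """Derive coarse triage facts from the parsed metrics."""
    b, s = groups["base"], groups["supplemental"]
    return {
        "remote_unauthenticated": (b["AV"], b["PR"], b["UI"]) == ("N", "N", "N"),
        "availability_only": b["VA"] != "N" and all(
            b[m] == "N" for m in ("VC", "VI", "SC", "SI", "SA")),
        "automatable": s.get("AU") == "Y",
    }
```

For this vector the only metrics that carry information beyond the base group are the supplemental ones (AU, R, V, RE, U); every threat and environmental metric is Not Defined.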
NVD published the first details for CVE-2024-2550
A CVSS base score of 8.7 has been assigned.
Feedly found the first article mentioning CVE-2024-2550.
Detection for the vulnerability has been added to Qualys (731898)
EPSS Score was set to: 0.04% (Percentile: 10.2%)
Feedly estimated the CVSS score as MEDIUM