CVE-2024-2550

NULL Pointer Dereference (CWE-476)

Published: Nov 14, 2024 / Updated: 5d ago

010
CVSS 8.7EPSS 0.04%High
CVE info copied to clipboard

Summary

A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.

Impact

This vulnerability allows an unauthenticated attacker to cause a denial of service (DoS) condition on the affected Palo Alto Networks firewall. The attacker can stop the GlobalProtect service, which is a critical component of the firewall's VPN functionality. More severely, repeated exploitation attempts can force the entire firewall into maintenance mode, potentially disrupting all network traffic and security services provided by the device. This could lead to significant downtime and loss of network protection for organizations relying on these firewalls.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

As of the current information provided, there is no mention of an available patch. The security team should closely monitor Palo Alto Networks' security advisories for upcoming patches or updates to address this vulnerability.

Mitigation

While waiting for an official patch, the following mitigation strategies are recommended: 1. Implement strict network access controls to limit who can reach the GlobalProtect gateway. 2. Use intrusion detection and prevention systems (IDS/IPS) to detect and block specially crafted packets that could exploit this vulnerability. 3. Monitor firewall logs for signs of exploitation attempts or unexpected entries into maintenance mode. 4. Have a robust backup and failover system in place to minimize downtime if a firewall is forced into maintenance mode. 5. Consider temporarily disabling the GlobalProtect service if it's not critical to operations, weighing the risk against the need for VPN functionality. 6. Ensure that you have the latest version of PAN-OS installed, as newer versions might have improved resilience against such attacks.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber

Timeline

CVE Assignment

NVD published the first details for CVE-2024-2550

Nov 14, 2024 at 10:15 AM
CVSS

A CVSS base score of 8.7 has been assigned.

Nov 14, 2024 at 10:20 AM / nvd
First Article

Feedly found the first article mentioning CVE-2024-2550. See article

Nov 14, 2024 at 10:24 AM / National Vulnerability Database
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (731898)

Nov 15, 2024 at 7:53 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 10.2%)

Nov 15, 2024 at 10:16 AM
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 19, 2024 at 11:49 AM
Static CVE Timeline Graph

Affected Systems

Paloaltonetworks/pan-os
+null more

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI