CVE-2024-2551

NULL Pointer Dereference (CWE-476)

Published: Nov 14, 2024 / Updated: 5d ago

010
CVSS 8.7EPSS 0.04%High
CVE info copied to clipboard

Summary

A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane. This results in a denial of service (DoS) condition. Repeated attempts to trigger this condition can cause the firewall to enter maintenance mode.

Impact

The impact of this vulnerability is severe. An attacker can exploit this flaw to cause a denial of service condition on affected Palo Alto Networks firewalls. This can lead to: 1. Disruption of network traffic: The firewall may stop processing traffic, potentially bringing down network communications. 2. System unavailability: The core system service being stopped could render the firewall inoperable. 3. Maintenance mode: Repeated attacks can force the firewall into maintenance mode, requiring manual intervention to restore normal operations. 4. Potential security gaps: With the firewall in a compromised state, it may not be able to enforce security policies, potentially exposing the protected network to other attacks.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

As of the vulnerability disclosure, there is no mention of a specific patch available. However, given the severity of the issue, it is likely that Palo Alto Networks will release a security update to address this vulnerability. The security team should closely monitor Palo Alto Networks' security advisories for any forthcoming patches or updates related to CVE-2024-2551.

Mitigation

While awaiting a patch, consider the following mitigation strategies: 1. Network segmentation: Implement strict network segmentation to limit the potential impact of a compromised firewall. 2. Traffic filtering: If possible, implement upstream traffic filtering to block potentially malicious packets before they reach the vulnerable firewall. 3. Monitoring and alerting: Set up robust monitoring and alerting systems to quickly detect any attempts to exploit this vulnerability or any unexpected firewall behavior. 4. Incident response plan: Develop and test an incident response plan specifically for dealing with firewall outages or compromises. 5. Backup and redundancy: Ensure proper backup configurations are in place and consider implementing redundant firewall systems if not already done. 6. Regular updates: Once a patch becomes available, prioritize testing and deploying it across all affected systems.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber

Timeline

CVE Assignment

NVD published the first details for CVE-2024-2551

Nov 14, 2024 at 10:15 AM
CVSS

A CVSS base score of 8.7 has been assigned.

Nov 14, 2024 at 10:20 AM / nvd
First Article

Feedly found the first article mentioning CVE-2024-2551. See article

Nov 14, 2024 at 10:24 AM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 14, 2024 at 10:24 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (731902)

Nov 15, 2024 at 7:53 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 10.2%)

Nov 15, 2024 at 10:16 AM
Static CVE Timeline Graph

Affected Systems

Paloaltonetworks/pan-os
+null more

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI