NULL Pointer Dereference (CWE-476)
A null pointer dereference vulnerability exists in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled. This vulnerability allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.
The impact of this vulnerability is severe, as it can cause a denial of service condition on affected Palo Alto Networks firewall devices. An unauthenticated attacker can exploit this vulnerability to crash PAN-OS, disrupting network traffic and security services. Repeated attacks can force the system into maintenance mode, potentially causing extended downtime and requiring manual intervention to restore normal operations. This could significantly impact network availability and security posture for organizations relying on these devices.
There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.
Patches are not explicitly mentioned in the provided information. However, given the specific version numbers listed as affected, it's likely that patches or updates addressing this vulnerability are available for versions beyond those listed. Organizations should check with Palo Alto Networks for the latest security updates.
1. Update affected systems to the latest PAN-OS version that addresses this vulnerability.
2. If immediate patching is not possible, consider temporarily disabling the Decryption policy on affected devices if feasible within your security requirements.
3. Implement network segmentation and access controls to limit potential attackers' ability to reach affected devices.
4. Monitor logs and traffic patterns for signs of exploitation attempts.
5. Have an incident response plan ready to quickly address any successful attacks and restore systems from maintenance mode if necessary.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber
NVD published the first details for CVE-2024-9472
A CVSS base score of 8.7 has been assigned.
Feedly found the first article mentioning CVE-2024-9472.
Feedly estimated the CVSS score as MEDIUM
Detection for the vulnerability has been added to Qualys (731905)
EPSS Score was set to: 0.04% (Percentile: 10.2%)