CVE-2024-3385 HIGH

CVE-2024-3385: PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled

Vendor Palo Alto Networks

Product PAN-OS

Weakness CWE-20 · Input validation

Published April 10, 2024

Last update May 13, 2026

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: - PA-5400 Series firewalls - PA-7000 Series firewalls

Key dates

02Disclosure timeline

April 10, 2024 CVE published

May 13, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-3385

Related vulnerabilities

Identifiers

CVE CVE-2024-3385

CWE CWE-20

CVSS 7.5 / HIGH

Affected versions

Vendor Palo Alto Networks

Product PAN-OS

Affected ≥ 9.0.0 and < 9.0.17-h4

Vendor Palo Alto Networks

Product PAN-OS

Affected ≥ 9.1.0 and < 9.1.17

Vendor Palo Alto Networks

Product PAN-OS

Affected ≥ 10.1.0 and < 10.1.12

Vendor Palo Alto Networks

Product PAN-OS

Affected ≥ 10.2.0 and < 10.2.8

Vendor Palo Alto Networks

Product PAN-OS

Affected ≥ 11.0.0 and < 11.0.3

CVE-2024-3385: PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled

01Description

02Disclosure timeline

03References

04Related CVE