CVE-2024-9472
CVSS V2 None
CVSS V3 None
Description
A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.
Palo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected.
This issue only affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series running these specific versions of PAN-OS:
* 10.2.7-h12
* 10.2.8-h10
* 10.2.9-h9
* 10.2.9-h11
* 10.2.10-h2
* 10.2.10-h3
* 10.2.11
* 10.2.11-h1
* 10.2.11-h2
* 10.2.11-h3
* 11.1.2-h9
* 11.1.2-h12
* 11.1.3-h2
* 11.1.3-h4
* 11.1.3-h6
* 11.2.2
* 11.2.2-h1
Overview
- CVE ID
- CVE-2024-9472
- Assigner
- palo_alto
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-14T09:34:22.665Z
- Last Modified Date
- 2024-11-14T14:10:30.404Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2024-9472 | vendor-advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-9472 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9472 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-11-15 13:36:58 | Added to TrackCVE |