r/sysadmin Security Admin 1d ago

Palo CVE-2024-3393 CVE 8.7

I'm sure many of you have seen this CVE:

https://security.paloaltonetworks.com/CVE-2024-3393

At a high level, a crafted packet can reboot your firewall and eventually put it in maintenance mode. The workaround is to disable your anti-spyware DNS policies so that they do not log events.

They do not mention that you cannot change the predefined default value for the spyware policy. So, if you update all your other profiles, make sure to update all your policies not to use your default policy.

Happy patching!

52 Upvotes

10
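
An added example, not part of the original post or Palo Alto's tooling: a small audit over an exported configuration that lists the security rules still attaching the predefined `default` anti-spyware profile, directly or through a profile group. The XML element layout and every rule, group and profile name in the sample are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real export; the element layout is an assumption
# modelled on a PAN-OS XML configuration export.
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
  <profile-group>
    <entry name="pg-custom"><spyware><member>as-dns-nolog</member></spyware></entry>
    <entry name="pg-legacy"><spyware><member>default</member></spyware></entry>
  </profile-group>
  <rulebase><security><rules>
    <entry name="outbound-web"><profile-setting><profiles>
      <spyware><member>default</member></spyware></profiles></profile-setting></entry>
    <entry name="outbound-dns"><profile-setting>
      <group><member>pg-legacy</member></group></profile-setting></entry>
    <entry name="servers-out"><profile-setting>
      <group><member>pg-custom</member></group></profile-setting></entry>
    <entry name="mgmt-in"/>
  </rules></security></rulebase>
</entry></vsys></entry></devices></config>
"""

def rules_using_profile(config_xml, profile="default"):
    """Return {rule name: how it references `profile`} for security rules."""
    root = ET.fromstring(config_xml)
    # Profile groups whose anti-spyware member is the profile being hunted.
    groups = {
        g.get("name")
        for pg in root.iter("profile-group")
        for g in pg.findall("entry")
        if profile in [m.text for m in g.findall("spyware/member")]
    }
    findings = {}
    for rules in root.iter("rules"):
        for rule in rules.findall("entry"):
            direct = [m.text for m in rule.findall("profile-setting/profiles/spyware/member")]
            via = [m.text for m in rule.findall("profile-setting/group/member")]
            if profile in direct:
                findings[rule.get("name")] = "direct"
                continue
            hit = next((g for g in via if g in groups), None)
            if hit:  # the rule inherits the profile through a group
                findings[rule.get("name")] = "group:" + hit
    return findings

if __name__ == "__main__":
    for name, how in rules_using_profile(SAMPLE_CONFIG).items():
        print(f"{name}: anti-spyware profile 'default' via {how}")
```

Rules with no profile attached, such as `mgmt-in` in the sample, are not reported because they reference no anti-spyware profile at all.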

u/DaithiG 1d ago

I know it's how you respond to a security issue, but I need to do a firewall refresh in the new year and every time a CVE drops it doesn't help! Lol 

u/2nP1nk1nSt1nk 23h ago

Another freaking Palo CVE!

u/DeadStockWalking 9h ago

Fortigate has entered the chat

I heard you like CVEs....

u/synerGy-- 1h ago

I take it Fortinet is not in any better shape? Curious, as a PAN user.

u/wraith8015 17h ago

They're really rushing these builds out the door! That being said, if someone attempted to use this it would be extremely noisy... I can't imagine it would be a first choice for most bad actors outside of a very targeted attack.

u/MAndris90 6h ago

how does a log file gain any execution rights?

u/Cormacolinde Consultant 5h ago

It doesn’t, this is a denial of service, not an RCE…

u/meditonsin Sysadmin 44m ago

Ask the log4j devs.

u/Googol20 19h ago

Don't have dns security, nothing for me to do