r/sysadmin Security Admin 1d ago

Palo CVE-2024-3393 CVE 8.7

I'm sure many of you have seen this CVE:

https://security.paloaltonetworks.com/CVE-2024-3393

At the high level, a crafted packet can reboot your firewall and eventually put it in maintenance mode. The workaround is to disable your anti-spyware DNS policies so that they do not log events.

They do not mention that you cannot change the predefined default value for the spyware policy. So, if you update all your other profiles, make sure to update all your policies not to use your default policy.

Happy patching!

59 Upvotes

View all comments

12

u/2nP1nk1nSt1nk 1d ago

Another freaking Palo CVE!

4

u/DeadStockWalking 1d ago

Fortigate has entered the chat

I heard you like CVEs....

u/synerGy-- 17h ago

I take it fortinet is not any better shape? curious, as a PAN user.