Hackers exploit CVE-2024-3393, a DoS flaw in Palo Alto firewalls, causing reboots. Update PAN-OS immediately or follow mitigation steps to stay secure.

Continue reading
Hackers are actively exploiting a denial-of-service (DoS) vulnerability in Palo Alto Networks' PAN-OS software, disabling critical firewall protections and leaving organizations vulnerable. The flaw, identified as CVE-2024-3393, targets the DNS Security feature of PAN-OS, forcing firewalls to reboot and, in severe cases, enter maintenance mode, requiring manual intervention to restore normal operations.
This ongoing exploitation has caused significant disruption for affected organizations, underscoring the critical need for immediate action.
CVE-2024-3393 is a severe DoS vulnerability that allows unauthenticated attackers to send malicious packets through the firewall’s data plane, triggering repeated reboots. The flaw only impacts devices with DNS Security logging enabled, making these devices particularly vulnerable to targeted attacks.
Palo Alto Networks has confirmed that the following PAN-OS versions are vulnerable to the CVE-2024-3393 exploit:
Palo Alto Networks has observed active exploitation in the wild, with organizations reporting outages caused by malicious DNS packets. These attacks highlight the flaw's critical nature, as attackers can repeatedly disrupt firewall operations until they are rendered inoperative.
Organizations unable to update to the latest PAN-OS versions should implement the following mitigation measures:
For Unmanaged NGFWs or NGFWs Managed by Panorama
For NGFWs Managed by Strata Cloud Manager (SCM)
For Prisma Access Managed by SCM
Open a support case to disable DNS Security logging across all NGFWs.
Request expedited Prisma Access tenant upgrades if required.
The CVE-2024-3393 vulnerability presents a significant risk to network security, as it directly targets an organization’s ability to defend against threats. A compromised firewall can lead to data breaches, malware intrusions, and operational disruptions, making it imperative to address this issue swiftly.

Splunk disclosed CVE-2026-20253, a critical pre-auth RCE flaw in Splunk Enterprise (CVSS 9.8) from insecure MongoDB defaults. Patches released; upgrade to 9.1.8, 9.2.5, or 9.3.2.