CVE-2024-3393

UNKNOWN 0.0

⚠️ CISA KEV

PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

CWE	CWE-754
Vendor	palo alto networks
Product	cloud ngfw
Published	Dec 27, 2024
Last Updated	Oct 21, 2025

⚠️ Actively Exploited — Act Now

Get instant alerts for palo alto networks cloud ngfw

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2024-3393.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Palo Alto Networks / Cloud NGFW

All versions affected

Palo Alto Networks / PAN-OS

11.2.0 < 11.2.3 11.1.0 < 11.1.2-h16 10.2.8 < 10.2.8-h19 10.1.14 < 10.1.14-h8

Palo Alto Networks / PAN-OS

11.2.0 < 11.2.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

security.paloaltonetworks.com: https://security.paloaltonetworks.com/CVE-2024-3393 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-3393

Credits

🔍 Palo Alto Networks thanks the CERT-EE team for their extra effort in providing invaluable forensic and analytic assistance.