fkie_nvd - fkie_cve-2024-2551

fkie_cve-2024-2551

Vulnerability from fkie_nvd

Published

2024-11-14 10:15

Modified

2025-01-24 16:03

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.

References

	URL	Tags
	psirt@paloaltonetworks.com	https://security.paloaltonetworks.com/CVE-2024-2551	Vendor Advisory

Impacted products

Vendor	Product	Version
paloaltonetworks	pan-os	*
paloaltonetworks	pan-os	*
paloaltonetworks	pan-os	*
paloaltonetworks	pan-os	10.2.4
paloaltonetworks	pan-os	10.2.4
paloaltonetworks	pan-os	10.2.4
paloaltonetworks	pan-os	10.2.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19D52DC1-4441-4C88-B209-9B86FCC2162F",
              "versionEndExcluding": "10.1.14",
              "versionStartIncluding": "10.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D61F01F8-1598-4078-9D98-BFF5B62F3BA5",
              "versionEndExcluding": "10.2.4",
              "versionStartIncluding": "10.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B9F11D-D5EF-487A-8E43-9AE14307CCE5",
              "versionEndExcluding": "11.0.5",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "135588B5-6771-46A3-98B0-39B4873FD6FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*",
              "matchCriteriaId": "20673F1E-733D-41C4-A644-C482431C26EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*",
              "matchCriteriaId": "156DA55E-4152-47BF-A067-136EEC9ADE22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*",
              "matchCriteriaId": "C2D2F5C4-7ACC-4514-ADBD-3948158B93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de desreferencia de puntero nulo en el software PAN-OS de Palo Alto Networks permite a un atacante no autenticado detener un servicio central del sistema en el firewall mediante el env\u00edo de un paquete manipulado a trav\u00e9s del plano de datos que provoca una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Los intentos repetidos de activar esta condici\u00f3n hacen que el firewall entre en modo de mantenimiento."
    }
  ],
  "id": "CVE-2024-2551",
  "lastModified": "2025-01-24T16:03:41.910",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NO",
          "Recovery": "USER",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "AMBER",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "CONCENTRATED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "MODERATE"
        },
        "source": "psirt@paloaltonetworks.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-11-14T10:15:04.547",
  "references": [
    {
      "source": "psirt@paloaltonetworks.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2024-2551"
    }
  ],
  "sourceIdentifier": "psirt@paloaltonetworks.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "psirt@paloaltonetworks.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2024-2551 (GCVE-0-2024-2551)

Vulnerability from cvelistv5

Published

2024-11-14 09:36

Modified

2024-11-19 15:01

Severity ?

8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber

CWE

CWE-476 - NULL Pointer Dereference

Summary

References

URL

Tags

https://security.paloaltonetworks.com/CVE-2024-2551

vendor-advisory

Impacted products

Vendor

Product

Version

Palo Alto Networks

Cloud NGFW

	Palo Alto Networks	PAN-OS	Version: 11.0.0 < 11.0.5 Version: 10.2.0 < 10.2.4-h6 Version: 10.1.0 < 10.1.14 cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h8:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1:-::::::
	Palo Alto Networks	Prisma Access

Show details on NVD website