CVE-2024-2551

A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2024-2551	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4::::::

History

24 Jan 2025, 16:03

Type	Values Removed	Values Added
CPE		cpe:2.3:o:paloaltonetworks:pan-os:::::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2::::::
First Time		Paloaltonetworks Paloaltonetworks pan-os
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
References	~~() https://security.paloaltonetworks.com/CVE-2024-2551 -~~	() https://security.paloaltonetworks.com/CVE-2024-2551 - Vendor Advisory

15 Nov 2024, 13:58

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de desreferencia de puntero nulo en el software PAN-OS de Palo Alto Networks permite a un atacante no autenticado detener un servicio central del sistema en el firewall mediante el envío de un paquete manipulado a través del plano de datos que provoca una condición de denegación de servicio (DoS). Los intentos repetidos de activar esta condición hacen que el firewall entre en modo de mantenimiento.

14 Nov 2024, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-14 10:15

Updated : 2025-01-24 16:03

NVD link : CVE-2024-2551

Mitre link : CVE-2024-2551

CVE.ORG link : CVE-2024-2551

JSON object : View

Products Affected

paloaltonetworks

pan-os

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2024-2551", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "USER", "baseScore": 8.7, "automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-11-14T10:15:04.547", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-2551", "tags": ["Vendor Advisory"], "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-476"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode."}, {"lang": "es", "value": "Una vulnerabilidad de desreferencia de puntero nulo en el software PAN-OS de Palo Alto Networks permite a un atacante no autenticado detener un servicio central del sistema en el firewall mediante el env\u00edo de un paquete manipulado a trav\u00e9s del plano de datos que provoca una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Los intentos repetidos de activar esta condici\u00f3n hacen que el firewall entre en modo de mantenimiento."}], "lastModified": "2025-01-24T16:03:41.910", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19D52DC1-4441-4C88-B209-9B86FCC2162F", "versionEndExcluding": "10.1.14", "versionStartIncluding": "10.1.0"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D61F01F8-1598-4078-9D98-BFF5B62F3BA5", "versionEndExcluding": "10.2.4", "versionStartIncluding": "10.2.0"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06B9F11D-D5EF-487A-8E43-9AE14307CCE5", "versionEndExcluding": "11.0.5", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "135588B5-6771-46A3-98B0-39B4873FD6FD"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20673F1E-733D-41C4-A644-C482431C26EC"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "156DA55E-4152-47BF-A067-136EEC9ADE22"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2D2F5C4-7ACC-4514-ADBD-3948158B93CC"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@paloaltonetworks.com"}

7.5 /10