NCERT Warns of Cybersecurity Software Vulnerabilities

The National Computer Emergency Response Team (NCERT) has released an important advisory about a DNS security vulnerability in Palo Alto Networks PAN-OS, known as CVE-2024-3393.

Because of incorrect input validation and memory handling in the DNS Security feature, malicious actors can exploit this vulnerability by sending specially crafted DNS requests.

Organizations face a significant risk due to this vulnerability, which can be exploited without authentication. To protect impacted devices and infrastructures, Palo Alto Networks has issued updates to fix the problem and urges quick action.

The advisory states that exploiting CVE-2024-3393 might cause serious problems such as DNS request processing failure, major firewall downtime, denial of service (DoS), and interruption of important traffic inspection.

These interruptions put impacted systems’ operation at risk, which in turn leaves cloud and business environments open to additional attacks and the possibility of sensitive data being exposed. Organizations must immediately implement mitigation methods and apply fixes to secure their networks, according to NCERT.

The vulnerability affects all versions of PAN-OS 10.0 and versions before 10.1.10, 10.2.7, and 11.0.3. Palo Alto Networks suggests fixing the issue by upgrading to the latest version of PAN-OS.

Mitigation Strategies

Organizations unable to apply fixes immediately should implement mitigation strategies such as:

  • Segmenting vulnerable devices
  • Enhancing monitoring
  • Enforcing stringent firewall rules
  • Disabling DNS Security logging
  • Regularly reviewing system logs for exploitation indicators

For Prisma Access tenants, the administrator can temporarily disable DNS Security logging by opening a support case, or the feature can be disabled through security profiles. As an extra precaution, organizations can set up monitoring tools, restrict access, and separate impacted devices from important resources. Regularly analyzing logs for unusual DNS traffic is another important step in detecting exploitation attempts early.

Delaying mitigation could result in operational disruptions and security breaches, according to National CERT. Businesses should immediately take measures to protect their devices and network settings. References to the Palo Alto Networks alert and other relevant sources underline the urgency of the situation and the need for swift action to protect the network.