Palo Alto Networks has patched a zero-day vulnerability, CVE-2024-3393, affecting the DNS Security feature of PAN-OS on its firewalls. This flaw allows unauthenticated attackers to launch denial-of-service (DoS) attacks, causing the firewall to reboot and enter maintenance mode if triggered repeatedly. The vulnerability is rated as "high severity" but has been assigned a "moderate urgency" by the company, as exploitation requires DNS Security logging to be enabled and a DNS Security License to be applied. The vulnerability affects PAN-OS versions 10.1.14-h8, 10.2.10-h12, 11.1.5, and 11.2.3, with no fix available for the EOL PAN-OS 11.0. Workarounds and mitigations are also provided. The vulnerability was discovered with help from Estonia’s CERT-EE.

‍