CVE-2024-2550

Published: Nov 14, 2024Modified: Jan 24, 2025

8.7

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:AmberShow less

Source: psirt@paloaltonetworks.com (Secondary)

Description

A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.

Affected (34)

Products: Paloaltonetworks: Pan Os

Paloaltonetworks

1 product

Pan Os

Configuration A

34 vulnerable

Vulnerable Software	Affected Versions
Paloaltonetworks Pan Os	From 10.2.0 to 10.2.7
Paloaltonetworks Pan Os	From 11.0.0 to 11.0.6
Paloaltonetworks Pan Os	From 11.1.0 to 11.1.4
Paloaltonetworks Pan Os	Version 10.2.10
Paloaltonetworks Pan Os	Version 10.2.10 h2
Paloaltonetworks Pan Os	Version 10.2.10 h3
Paloaltonetworks Pan Os	Version 10.2.10 h4
Paloaltonetworks Pan Os	Version 10.2.10 h5
Paloaltonetworks Pan Os	Version 10.2.10 h7
Paloaltonetworks Pan Os	Version 10.2.10 h9
Paloaltonetworks Pan Os	Version 10.2.7 h12
Paloaltonetworks Pan Os	Version 10.2.7 h16
Paloaltonetworks Pan Os	Version 10.2.7 h18
Paloaltonetworks Pan Os	Version 10.2.7 h19
Paloaltonetworks Pan Os	Version 10.2.7 h1
Paloaltonetworks Pan Os	Version 10.2.7 h3
Paloaltonetworks Pan Os	Version 10.2.7 h6
Paloaltonetworks Pan Os	Version 10.2.7 h8
Paloaltonetworks Pan Os	Version 10.2.8
Paloaltonetworks Pan Os	Version 10.2.8 h10
Paloaltonetworks Pan Os	Version 10.2.8 h13
Paloaltonetworks Pan Os	Version 10.2.8 h15
Paloaltonetworks Pan Os	Version 10.2.8 h3
Paloaltonetworks Pan Os	Version 10.2.8 h4
Paloaltonetworks Pan Os	Version 10.2.9
Paloaltonetworks Pan Os	Version 10.2.9 h11
Paloaltonetworks Pan Os	Version 10.2.9 h14
Paloaltonetworks Pan Os	Version 10.2.9 h16
Paloaltonetworks Pan Os	Version 10.2.9 h1
Paloaltonetworks Pan Os	Version 10.2.9 h9
Paloaltonetworks Pan Os	Version 11.1.4
Paloaltonetworks Pan Os	Version 11.1.4 h1
Paloaltonetworks Pan Os	Version 11.1.4 h4
Paloaltonetworks Pan Os	Version 11.1.4 h7

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (1)

https://security.paloaltonetworks.com/CVE-2024-2550

Source: psirt@paloaltonetworks.com

Vendor Advisory

Timeline

No history available yet.