Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/113723708086948941">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 27-Dec-2024 16:54:39 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20250225114715.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a><div><a href="https://cyberplace.social/@GossiTheDog/113702707828587402" rel="in-reply-to">in reply to</a></div></section><article><p>This is similarish to the Fortigate zero day, also being exploited -in case of Fortigate it's a non-management packet which causes FortiOS to run out of memory and enter failopen <a href="https://infosec.exchange/@screaminggoat/113722788663656122" rel="nofollow noreferrer">https://infosec.exchange/@screaminggoat/113722788663656122</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4226206#notice-8331476">In conversation</a><time datetime="2024-12-27T16:54:39+09:00" title="Friday, 27-Dec-2024 16:54:39 JST">about 6 months ago</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/113723708086948941" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/113723708086948941">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://infosec.exchange/@screaminggoat/113722788663656122">Not Simon 🐐 (@screaminggoat@infosec.exchange)</a></h5><div> from <span>Not Simon 🐐</span></div></header><div>Merry fucking Christmas from **Palo Alto Networks (Zero-Day)**: [CVE-2024-3393 PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet](https://security.paloaltonetworks.com/CVE-2024-3393)
[CVE-2024-3393](https://www.cve.org/CVERecord?id=CVE-2024-3393) (CVSSv4: 8.7 high) A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.&gt; Palo Alto Networks is aware of customers experiencing this denial of service (DoS) when their firewall blocks malicious DNS packets that trigger this issue.#zeroday #eitw #activeexploitation #vulnerability #paloaltonetworks #cve #CVE_2024_3393 #christmas</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 27-Dec-2024 16:54:39 JST Kevin Beaumont
in reply to
This is similarish to the Fortigate zero day, also being exploited -in case of Fortigate it's a non-management packet which causes FortiOS to run out of memory and enter failopen https://infosec.exchange/@screaminggoat/113722788663656122
In conversationabout 6 months ago from cyberplace.socialpermalink
Attachments
1. No result found on File_thumbnail lookup.
  Not Simon 🐐 (@screaminggoat@infosec.exchange)
  from Not Simon 🐐
  Merry fucking Christmas from **Palo Alto Networks (Zero-Day)**: [CVE-2024-3393 PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet](https://security.paloaltonetworks.com/CVE-2024-3393) [CVE-2024-3393](https://www.cve.org/CVERecord?id=CVE-2024-3393) (CVSSv4: 8.7 high) A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode. > Palo Alto Networks is aware of customers experiencing this denial of service (DoS) when their firewall blocks malicious DNS packets that trigger this issue. #zeroday #eitw #activeexploitation #vulnerability #paloaltonetworks #cve #CVE_2024_3393 #christmas

Public

Embed Notice

HTML Code

Corresponding Notice