CVE-2024-3382

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-3382
A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://security.paloaltonetworks.com/CVE-2024-3382 Vendor Advisory
https://security.paloaltonetworks.com/CVE-2024-3382 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*
OR cpe:2.3:h:paloaltonetworks:pa-5410:-:*:*:*:*:*:*:*
cpe:2.3:h:paloaltonetworks:pa-5420:-:*:*:*:*:*:*:*
cpe:2.3:h:paloaltonetworks:pa-5430:-:*:*:*:*:*:*:*
cpe:2.3:h:paloaltonetworks:pa-5440:-:*:*:*:*:*:*:*
cpe:2.3:h:paloaltonetworks:pa-5445:-:*:*:*:*:*:*:*
History

22 Jan 2025, 15:44

Type Values Removed Values Added
First Time Paloaltonetworks
Paloaltonetworks pan-os
Paloaltonetworks pa-5440
Paloaltonetworks pa-5410
Paloaltonetworks pa-5420
Paloaltonetworks pa-5430
Paloaltonetworks pa-5445
References () https://security.paloaltonetworks.com/CVE-2024-3382 - () https://security.paloaltonetworks.com/CVE-2024-3382 - Vendor Advisory
CPE cpe:2.3:h:paloaltonetworks:pa-5445:-:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*
cpe:2.3:h:paloaltonetworks:pa-5430:-:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
cpe:2.3:h:paloaltonetworks:pa-5440:-:*:*:*:*:*:*:*
cpe:2.3:h:paloaltonetworks:pa-5420:-:*:*:*:*:*:*:*
cpe:2.3:h:paloaltonetworks:pa-5410:-:*:*:*:*:*:*:*
CWE CWE-401
Information

Published : 2024-04-10 17:15

Updated : 2025-01-22 15:44

NVD link : CVE-2024-3382

Mitre link : CVE-2024-3382

CVE.ORG link : CVE-2024-3382

JSON object : View

Products Affected

paloaltonetworks

  • pa-5445
  • pa-5440
  • pan-os
  • pa-5430
  • pa-5420
  • pa-5410
CWE
CWE-770

Allocation of Resources Without Limits or Throttling

CWE-401

Missing Release of Memory after Effective Lifetime