Palo Alto PAN-OS Vulnerability Allows Attackers to Reboot Firewalls via Malicious Packets

A critical denial-of-service vulnerability has been identified in Palo Alto Networks PAN-OS software that allows unauthenticated attackers to remotely reboot firewalls by sending specially crafted packets through the data plane.

Security researchers have determined that repeated reboot attempts can force affected firewalls into maintenance mode, effectively disabling network protection capabilities and leaving organizations vulnerable to secondary attacks.

The vulnerability impacts PA-Series firewalls, VM-Series firewalls, and Prisma Access deployments across multiple PAN-OS versions, though Cloud NGFW installations remain unaffected.

Palo Alto Networks confirms that this issue only manifests on firewalls with URL proxy or any decrypt policy configured.

A decrypt policy here covers the explicit decrypt, explicit no-decrypt, and no-matching-policy cases, any of which can trigger the flaw.

Notably, the company has reported no evidence of active exploitation in the wild at this time.

Palo Alto Networks assigned a CVSS base score of 8.7 and a behavioral score of 6.6, classifying it as MEDIUM severity with MODERATE urgency.

The vulnerability stems from improper checks for unusual or exceptional conditions (CWE-754), combined with pointer manipulation techniques outlined in CAPEC-129.

The attack is network-based and requires no authentication or user interaction, so it is relatively straightforward for threat actors to exploit in order to disrupt critical infrastructure.

The most heavily impacted versions include PAN-OS 10.2 (all versions through 10.2.13) and PAN-OS 11.1 (all versions through 11.1.6). PAN-OS 11.2 deployments running versions before 11.2.5 are similarly vulnerable, while PAN-OS 12.1 and PAN-OS 10.1 require no remediation.

Prisma Access customers currently require patches specific to their underlying PAN-OS versions, with Palo Alto Networks completing upgrades for most Prisma Access instances except those facing conflicting maintenance windows.

Regarding remediation, Palo Alto Networks offers specific patched versions for each affected release branch.

PAN-OS 10.2 users should upgrade to version 10.2.14 or apply hotfix versions 10.2.13-h3 or later. PAN-OS 11.1 customers should target 11.1.7 or apply appropriate hotfixes such as 11.1.6-h1 or 11.1.4-h13.

PAN-OS 11.2 administrators must upgrade to 11.2.5 or apply corresponding hotfixes. Unfortunately, no workarounds currently exist for organizations unable to patch immediately, making prompt remediation essential to maintaining their security posture.
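The version thresholds above are easy to misread when hotfix builds such as 10.2.13-h3 sit below the fully fixed maintenance release. The following triage helper is an added example, not Palo Alto Networks code: it parses PAN-OS version strings (including the "-hN" hotfix suffix), compares them against the fixed builds named in this article, and combines the result with the vendor's stated precondition (URL proxy or a decrypt policy present). The inventory data, hostnames, and the absence of hotfix builds for the 11.2 branch are assumptions for illustration; the article lists no 11.2 hotfix numbers, so only 11.2.5 and later are treated as fixed there.

```python
"""Triage helper for the PAN-OS denial-of-service advisory described above.

Added example (not vendor code). Fixed-build thresholds are taken from the
article; the 11.2 hotfix list is not given there, so only 11.2.5+ counts as
fixed for that branch (assumption: verify against the vendor advisory).
"""
import re
from typing import NamedTuple, Optional


class PanOsVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    hotfix: int  # 0 when the string carries no "-hN" suffix


_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text: str) -> PanOsVersion:
    """Parse strings such as '11.1.4-h13' or '10.2.14'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return PanOsVersion(int(major), int(minor), int(patch), int(hotfix or 0))


# Fixed builds per release branch, as stated in the article:
#   "release"  - first maintenance release that carries the fix
#   "hotfixes" - (patch, hotfix) pairs that also carry it; "or later"
#                applies to the hotfix number within that patch level
FIXED_BUILDS = {
    (10, 2): {"release": 14, "hotfixes": [(13, 3)]},
    (11, 1): {"release": 7, "hotfixes": [(6, 1), (4, 13)]},
    (11, 2): {"release": 5, "hotfixes": []},  # assumption: none listed in the article
}
UNAFFECTED_BRANCHES = {(10, 1), (12, 1)}


def triage(version_text: str) -> str:
    """Return 'unaffected', 'fixed', 'vulnerable' or 'unknown' for one version."""
    v = parse_version(version_text)
    branch = (v.major, v.minor)
    if branch in UNAFFECTED_BRANCHES:
        return "unaffected"
    fix = FIXED_BUILDS.get(branch)
    if fix is None:
        return "unknown"  # branch not covered by the article; do not assume safe
    if v.patch >= fix["release"]:
        return "fixed"
    for patch, min_hotfix in fix["hotfixes"]:
        if v.patch == patch and v.hotfix >= min_hotfix:
            return "fixed"
    return "vulnerable"


def exposed(version_text: str, decrypt_or_url_proxy_configured: Optional[bool]) -> Optional[bool]:
    """Combine the version verdict with the vendor's stated precondition.

    Returns False when the build is fixed or unaffected, None when the branch
    is unknown or the policy state has not been confirmed, and otherwise the
    policy flag itself (the flaw only manifests when such a policy exists).
    """
    status = triage(version_text)
    if status in ("unaffected", "fixed"):
        return False
    if status == "unknown" or decrypt_or_url_proxy_configured is None:
        return None
    return decrypt_or_url_proxy_configured


# Constructed sample inventory: (hostname, version, decrypt/URL-proxy policy present)
SAMPLE_INVENTORY = [
    ("fw-edge-01", "10.2.13", True),
    ("fw-edge-02", "10.2.13-h3", True),
    ("fw-dc-01", "11.1.4-h12", True),
    ("fw-dc-02", "11.1.4-h13", True),
    ("fw-lab-01", "11.2.4", False),
    ("fw-branch-01", "10.1.9", True),
    ("fw-old-01", "11.0.3", None),
]


def report(inventory=SAMPLE_INVENTORY):
    """Return (host, version, status, exposed) rows for an inventory list."""
    return [(host, ver, triage(ver), exposed(ver, policy)) for host, ver, policy in inventory]


if __name__ == "__main__":
    for host, ver, status, exp in report():
        print(f"{host:14} {ver:12} {status:11} exposed={exp}")
```

Run it as-is to see the sample inventory scored, or feed `report()` a list exported from your own asset database. Note that an `exposed=False` result for a vulnerable build only reflects the vendor's stated precondition; the article still recommends upgrading, since no workaround exists and a later policy change would make the firewall exposed.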

Vulnerability Severity and Impact Summary

CVE ID   | Affected Product       | Severity | CVSS Score | Attack Vector | Authentication Required | Impact
CVE-TBD  | Palo Alto PAN-OS 11.2  | MEDIUM   | 6.6-8.7    | Network       | No                      | Denial of Service
CVE-TBD  | Palo Alto PAN-OS 11.1  | MEDIUM   | 6.6-8.7    | Network       | No                      | Denial of Service
CVE-TBD  | Palo Alto PAN-OS 10.2  | MEDIUM   | 6.6-8.7    | Network       | No                      | Denial of Service
CVE-TBD  | Prisma Access          | MEDIUM   | 6.6-8.7    | Network       | No                      | Denial of Service
CVE-TBD  | PA-Series Firewalls    | MEDIUM   | 6.6-8.7    | Network       | No                      | Denial of Service
CVE-TBD  | VM-Series Firewalls    | MEDIUM   | 6.6-8.7    | Network       | No                      | Denial of Service

Organizations running affected PAN-OS versions should prioritize upgrading during their next maintenance window to restore full firewall resilience and prevent potential denial-of-service attacks.


AnuPriya

AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
