CVE-2024-2551: 
PAN-OS vulnerability analysis and mitigation

CVE-2024-2551 is a null pointer dereference vulnerability affecting Palo Alto Networks PAN-OS software. The vulnerability was discovered by a customer and disclosed on November 13, 2024. It affects multiple versions of PAN-OS including versions prior to 10.1.14, 10.2.4-h6, 10.2.5, and 11.0.5. The vulnerability enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane (Palo Advisory).

The vulnerability is classified as CWE-476 (NULL Pointer Dereference) and has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability can be exploited by sending a specially crafted packet through the data plane that triggers a null pointer dereference, causing a denial of service condition. The attack vector is network-based (AV:N) with low attack complexity (AC:L) and requires no privileges (PR:N) or user interaction (UI:N) (NVD).

When successfully exploited, the vulnerability results in a denial of service (DoS) condition by stopping a core system service on the firewall. Repeated attempts to trigger this condition can cause the firewall to enter maintenance mode, potentially disrupting network security operations (Palo Advisory).

This vulnerability has been fixed in PAN-OS versions 10.1.14, 10.2.4-h6, 10.2.5, 11.0.5, and all later PAN-OS versions. Organizations are advised to upgrade to these patched versions or later to mitigate the vulnerability. No alternative workarounds are available (Palo Advisory).