Palo Alto Networks PAN-OS Web Proxy Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Palo Alto Networks PAN-OS software versions 11.0 and later, excluding the Cloud NGFW and Prisma Access products. The issue arises from a missing exception check in the web proxy feature. When the feature is enabled, an unauthenticated attacker can send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated exploitation can lead the firewall to enter maintenance mode.

Impact

Exploitation of this vulnerability causes the firewall to become unresponsive and reboot. After multiple successful attempts, the firewall may enter maintenance mode.

Remediation

Users can upgrade to PAN-OS 11.2.5, 11.1.7-h2, 11.1.8, or later. If the web proxy feature is not needed, it can be disabled to mitigate this issue.
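
For fleet triage, the version ranges above can be turned into a check. This is an added example, not part of the original advisory or any vendor tooling. The names (FIXED, parse, triage, review), the inventory values and the treatment of release trains after 11.2 as fixed are assumptions.

```python
import re

# First fixed build per release train, as listed in the Remediation text:
# (major, minor) -> (maintenance, hotfix). 11.1.8 is covered by (7, 2).
FIXED = {(11, 1): (7, 2), (11, 2): (5, 0)}
_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse(version):
    """Split 'X.Y.Z' or 'X.Y.Z-hN' into ((X, Y), (Z, N)); N is 0 if no hotfix."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (maint, hotfix)

def triage(version, web_proxy_enabled):
    """Classify one firewall against the affected and fixed versions on this page."""
    train, build = parse(version)
    if train < (11, 0):
        return "not-affected"            # page: affects 11.0 and later
    if train in FIXED:
        if build >= FIXED[train]:
            return "fixed"
    elif train > max(FIXED):
        return "fixed"                   # assumption: later trains ship with the fix
    # 11.0.x also lands here: the page lists no fixed 11.0 release.
    return "exposed" if web_proxy_enabled else "affected-proxy-off"

def review(inventory):
    """Map hostname -> triage result for (hostname, version, web_proxy_enabled) rows."""
    return {host: triage(ver, proxy) for host, ver, proxy in inventory}

# Constructed sample inventory (hypothetical hosts, not real devices).
SAMPLE = [
    ("fw-edge-01", "11.1.7-h1", True),
    ("fw-edge-02", "11.1.7-h2", True),
    ("fw-core-01", "11.2.4-h3", False),
    ("fw-lab-01", "11.0.6", True),
    ("fw-old-01", "10.2.13", True),
]

if __name__ == "__main__":
    for host, status in review(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "affected-proxy-off" still run a vulnerable build and become exposed if the web proxy is later enabled, so they stay on the upgrade list.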

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 2.5
exploitability: 7.0
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 5.7
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.