NCERT issues hack alert against vulnerabilities in cybersecurity software
The National Computer Emergency Response Team (NCERT) has issued a critical advisory about a DNS Security vulnerability in Palo Alto Networks PAN-OS, identified as CVE-2024-3393.
This vulnerability arises from improper input validation and memory handling within the DNS Security feature, allowing attackers to exploit it by sending specially crafted DNS requests.
The vulnerability poses a severe risk to organizations as it can be exploited without authentication. Palo Alto Networks has released updates to address the issue, urging immediate action to safeguard affected devices and infrastructures.
The advisory says exploitation of CVE-2024-3393 can lead to severe outcomes such as denial of service (DoS), disruption of critical traffic inspection, failure in DNS request processing and significant firewall downtime.
These disruptions jeopardize the functionality of affected systems, leaving enterprise and cloud environments vulnerable to further attacks and the potential exposure of sensitive data. NCERT has emphasized the urgency for organizations to adopt mitigation strategies and apply patches to protect their networks.
The vulnerability impacts multiple versions of PAN-OS, including all versions of 10.0 and versions prior to 10.1.10, 10.2.7, and 11.0.3. Palo Alto Networks has recommended upgrading to the fixed versions of PAN-OS to resolve the issue. For organizations unable to immediately patch their systems, temporary mitigation measures include disabling DNS Security logging, segmenting affected devices, enhancing monitoring, implementing restrictive firewall rules, and reviewing system logs for signs of exploitation.
Administrators are advised to disable DNS Security logging through security profiles or, for Prisma Access tenants, open support cases to temporarily disable the feature. Segmenting affected devices from critical resources, deploying monitoring solutions, and restricting access controls are additional steps to minimize risks. Regular log audits for anomalies in DNS traffic are also essential for early detection of potential exploitation attempts.
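To decide which firewalls to patch first, the version ranges quoted above can be checked against an exported inventory. The following is an added example, not code from NCERT or Palo Alto Networks; the thresholds are taken from this article only, and the hostnames, the sample versions and the `major.minor.patch[-hN]` string format are assumptions.

```python
import re

# Thresholds exactly as stated in this article, keyed by release train.
# None means the article lists every release in that train as affected.
ARTICLE_THRESHOLDS = {
    (10, 0): None,
    (10, 1): (10, 1, 10),
    (10, 2): (10, 2, 7),
    (11, 0): (11, 0, 3),
}

# Assumed format: major.minor.patch with an optional "-hN" hotfix suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Return (major, minor, patch, hotfix), or None if malformed."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(part or 0) for part in m.groups())


def classify(version_text):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed'."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unparsed"
    train = parsed[:2]
    if train not in ARTICLE_THRESHOLDS:
        return "not-listed"  # no range in the article; check the vendor advisory
    fixed = ARTICLE_THRESHOLDS[train]
    # The article's thresholds carry no hotfix level, so compare on patch only.
    if fixed is None or parsed[:3] < fixed:
        return "affected"
    return "fixed"


def triage(inventory):
    """Map each hostname in {hostname: version} to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "fw-edge-01": "10.0.12", "fw-edge-02": "10.1.9-h3", "fw-dc-01": "10.2.7",
    "fw-dc-02": "11.0.2", "fw-lab-01": "11.1.4", "fw-lab-02": "unknown",
}
```

Devices reported as `not-listed` or `unparsed` are not cleared by this check and should be verified against the vendor advisory directly.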
National CERT has stressed that delaying mitigation efforts could lead to operational disruptions and security breaches. Organizations are urged to promptly secure their devices and ensure their network environments remain protected. References to the Palo Alto Networks advisory and other related sources reinforce the critical nature of this threat, underlining the importance of immediate action to maintain network integrity.