Palo Alto 安全中心 03月13日
CVE-2025-0116 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted LLDP Frame (Severity: MEDIUM)
index_new5.html
../../../zaker_core/zaker_tpl_static/wap/tpl_guoji1.html

 

Palo Alto Networks PAN-OS软件存在DoS漏洞,未授权攻击者发送特制LLDP帧可使防火墙意外重启并进入维护模式。部分版本已达软件生命周期终点,不受影响的为Cloud NGFWs和Prisma Access软件。若未使用LLDP,应在web界面中禁用以缓解此问题。

📌Palo Alto Networks PAN-OS软件存在DoS漏洞,防火墙会意外重启

📌未授权攻击者利用特制LLDP帧引发问题,防火墙或进维护模式

📌部分版本软件已达生命周期终点,被认为受影响

📌未使用LLDP应在web界面禁用以缓解问题

A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker. Repeated attempts to initiate this condition causes the firewall to enter maintenance mode.

This issue does not apply to Cloud NGFWs or Prisma Access software.

Please note that PAN-OS 11.0, PAN-OS 10.0, PAN-OS 9.1, PAN-OS 9.0, and older releases have reached their software end-of-life (EoL) dates and are no longer evaluated for vulnerabilities and no fixes are planned. These versions are presumed to be affected.

You must have enabled LLDP in your PAN-OS software to be vulnerable to this issue. You can verify whether you have LLDP enabled by following these steps in your web interface:

Palo Alto Networks is not aware of any malicious exploitation of this issue.

If you are not using LLDP, you should disable it to mitigate this issue by performing the following steps in your web interface:

cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h10:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h9:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h7:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h5:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h3:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h1:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:*:*:*:*:*:*:*

cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*

Fish AI Reader

Fish AI Reader

AI辅助创作,多种专业模板,深度分析,高质量内容生成。从观点提取到深度思考,FishAI为您提供全方位的创作支持。新版本引入自定义参数,让您的创作更加个性化和精准。

FishAI

FishAI

鱼阅,AI 时代的下一个智能信息助手,助你摆脱信息焦虑

联系邮箱 441953276@qq.com

相关标签

Palo Alto Networks DoS漏洞 LLDP帧 网络安全
相关文章
MediExcel 泄露了 50 万份患者文件
美国希望提高关键基础设施的网络弹性
IMF:2024年4月全球金融稳定报告