Denial-of-Service Vulnerabilities Disrupting Network Perimeter and Wi‑Fi Infrastructure
A DoS vulnerability in Palo Alto Networks PAN-OS tracked as CVE-2024-3393 was reported as actively exploited in the wild, allowing unauthenticated remote attackers to send specially crafted DNS packets that can force affected firewalls to reboot and, with repeated triggering, potentially enter maintenance mode, effectively disabling perimeter enforcement. Reported impact is tied to the data plane when DNS Security is enabled and DNS Security logging is active, and it may affect multiple form factors (including PA-Series, VM-Series, CN-Series, and Prisma Access) where the DNS Security license is applied; advisories urge rapid patching/mitigation due to the risk of losing network security controls.
Separately, researchers disclosed a Broadcom chipset software flaw affecting at least the ASUS RT-BE86U that enables an unauthenticated, in-range attacker on 5 GHz Wi‑Fi to send a single malformed frame that immediately disconnects clients, requiring a manual router reset; the issue was found via fuzzing, fixed by Broadcom, and addressed by ASUS in updated firmware (reported fixed in 3.0.0.6.102_37841, affecting 3.0.0.6.102_37612 and older). A Palo Alto Networks advisory on a Chromium monthly vulnerability update lists multiple Chromium CVEs incorporated into Palo Alto products, but it is not directly related to the PAN-OS DNS DoS exploitation or the Broadcom/ASUS Wi‑Fi DoS issue.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Palo Alto and CISA publish mitigation guidance for CVE-2024-3393
Palo Alto Networks issued fixed PAN-OS releases and recommended mitigations, including disabling DNS Security logging as a temporary workaround for affected deployments. CISA also warned on the issue and included the vulnerability in its Known Exploited Vulnerabilities catalog.
Palo Alto PAN-OS DoS flaw CVE-2024-3393 is exploited in the wild
A high-severity denial-of-service vulnerability in Palo Alto Networks PAN-OS, tracked as CVE-2024-3393, was reported as being actively exploited against exposed firewalls. The flaw allows unauthenticated attackers to send crafted DNS packets that can crash the data plane, reboot devices, and potentially push them into maintenance mode.
Broadcom and ASUS release fixes for affected ASUS router firmware
Broadcom released a fix for the chipset software flaw and ASUS issued updated firmware to address the issue in affected routers. The vulnerable ASUS RT-BE86U firmware includes version 3.0.0.6.102_37612 and older, with a fix available in version 3.0.0.6.102_37841.
Black Duck discovers Broadcom Wi-Fi DoS flaw affecting ASUS routers
Black Duck disclosed a denial-of-service vulnerability in Broadcom chipset software affecting certain ASUS routers, identified during fuzz testing of the ASUS RT-BE86U. An unauthenticated attacker within 5 GHz Wi-Fi range can send a malformed frame that disconnects all clients and requires a manual router reset to restore connectivity.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Palo Alto PAN-OS Vulnerabilities Including ADNS DoS (CVE-2026-0229)
Palo Alto Networks published fixes for multiple **PAN-OS** vulnerabilities affecting supported releases (including PAN-OS 12.1, 11.2, 11.1, and 10.2) and related services such as *Prisma Access* and *Prisma Browser*. The Canadian Centre for Cyber Security amplified the vendor guidance, pointing organizations to apply updates and mitigations for PAN-OS and Prisma products, including **CVE-2026-0228** and **CVE-2026-0229**, and a separate Chromium monthly update advisory referenced by Palo Alto. **CVE-2026-0229** is a network-reachable denial-of-service condition in PAN-OS’s **Advanced DNS Security (ADNS)** feature that can allow an unauthenticated attacker to trigger system reboots with a maliciously crafted packet; repeated triggering can push a firewall into maintenance mode, creating a high availability impact. Exposure requires ADNS to be enabled and a spyware profile action set to `block`, `sinkhole`, or `alert` (i.e., not `allow`); Palo Alto stated *Cloud NGFW* and *Prisma Access* are not impacted by this specific issue and reported no known exploitation. **CVE-2026-0228** involves improper certificate validation that can allow Windows Terminal Server Agents to connect using expired certificates under certain configurations, with no workaround noted by the vendor; affected organizations are advised to upgrade to fixed PAN-OS versions per Palo Alto’s guidance.
Mar 21, 2026
Palo Alto Networks PAN-OS and Prisma Browser Vulnerabilities Disclosed
Palo Alto Networks disclosed a denial-of-service (DoS) vulnerability, identified as CVE-2025-4619, affecting PAN-OS software on PA-Series, VM-Series, CN-Series firewalls, and Prisma Access. This vulnerability allows an unauthenticated attacker to reboot a firewall by sending specially crafted packets through the data plane, potentially causing the device to enter maintenance mode if exploited repeatedly. The company has detailed affected and unaffected PAN-OS versions and confirmed that Cloud NGFW is not impacted. Prisma Access customers have largely been upgraded, with remaining updates scheduled. Additionally, Palo Alto Networks released its November 2025 monthly vulnerability update for Chromium and Prisma Browser, addressing multiple CVEs, including several Chromium vulnerabilities and three specific to Prisma Browser (CVE-2025-4616, CVE-2025-4617, CVE-2025-4618). The Canadian Centre for Cyber Security issued an advisory summarizing these disclosures and urging administrators to review the advisories, apply mitigations, and update affected products to secure their environments against these vulnerabilities.
Mar 21, 2026
Palo Alto PAN-OS Flaws Enable Root Command Execution, Privilege Escalation, and DoS
Palo Alto Networks disclosed and patched multiple vulnerabilities in **PAN-OS** affecting **PA-Series**, **VM-Series**, and **Panorama**, including `CVE-2026-0273`, an authenticated administrator command injection flaw in the **CLI** and **web management interface** that can allow arbitrary commands to run as **root**. The vendor also fixed `CVE-2026-0272`, an authenticated **CLI privilege escalation** issue, and `CVE-2026-0266`, a **stored XSS** vulnerability in the web interface. A separate issue, `CVE-2026-0269`, can trigger a **denial of service** through crafted tunnel traffic and repeatedly reboot affected firewalls, potentially forcing them into maintenance mode. Affected versions span supported **PAN-OS 12.1, 11.2, 11.1, and 10.2** release trains, while **Cloud NGFW** and **Prisma Access** were reported as unaffected. Palo Alto Networks said it was not aware of active exploitation at disclosure time and urged customers to upgrade promptly, restrict management access to trusted internal IPs, limit CLI exposure, and use hardened jump boxes; for `CVE-2026-0273`, organizations with **Threat Prevention** can also enable dedicated **Threat IDs** to help block exploit attempts when management traffic is inspectable and decrypted.
Jun 12, 2026