https://live.paloaltonetworks.com/t5/advanced-threat-prevention/malicious-traffic-related-to-cve-2024-9472-and-cve-2024-3393-dos/m-p/1000103#M2396 <P><FONT color="#FF0000"><FONT color="#000000">This issue is already resolved.</FONT><BR /><FONT color="#000000"><A href="https://live.paloaltonetworks.com/t5/general-topics/regarding-security-advisory-cve-2024-3393/td-p/999701" target="_blank">https://live.paloaltonetworks.com/t5/general-topics/regarding-security-advisory-cve-2024-3393/td-p/999701</A></FONT><EM><BR /></EM></FONT></P> <P>&nbsp;</P> <P><FONT color="#FF0000"><EM><A href="https://nvd.nist.gov/vuln/detail/CVE-2024-3393" target="_blank">https://nvd.nist.gov/vuln/detail/CVE-2024-3393</A></EM></FONT></P> <P>&nbsp;</P> <P>&nbsp;</P> Sat, 04 Jan 2025 20:22:09 GMT Mudhireddy 2025-01-04T20:22:09Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/malicious-traffic-related-to-cve-2024-9472-and-cve-2024-3393-dos/m-p/1000069#M2395 <P>&nbsp;</P> <P>Can anyone share any technical insight into what the attack payload might be or you may be observing in your Threat logs?<BR />We have found some malformed DNS packet sent to port 53 that the FW labels as MS Windows NAT Helper DNS Query DoS Vulnerability (31339)<BR />These packets contain a NULL Pointer Dereference payload that we think is triggering the vulnerabilities.</P> <P>Any technical insight from the community is appreciated. Thank you.</P> Fri, 03 Jan 2025 21:22:14 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/malicious-traffic-related-to-cve-2024-9472-and-cve-2024-3393-dos/m-p/1000069#M2395 L.Avendano 2025-01-03T21:22:14Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/malicious-traffic-related-to-cve-2024-9472-and-cve-2024-3393-dos/m-p/1000103#M2396 <P><FONT color="#FF0000"><FONT color="#000000">This issue is already resolved.</FONT><BR /><FONT color="#000000"><A href="https://live.paloaltonetworks.com/t5/general-topics/regarding-security-advisory-cve-2024-3393/td-p/999701" target="_blank">https://live.paloaltonetworks.com/t5/general-topics/regarding-security-advisory-cve-2024-3393/td-p/999701</A></FONT><EM><BR /></EM></FONT></P> <P>&nbsp;</P> <P><FONT color="#FF0000"><EM><A href="https://nvd.nist.gov/vuln/detail/CVE-2024-3393" target="_blank">https://nvd.nist.gov/vuln/detail/CVE-2024-3393</A></EM></FONT></P> <P>&nbsp;</P> <P>&nbsp;</P> Sat, 04 Jan 2025 20:22:09 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/malicious-traffic-related-to-cve-2024-9472-and-cve-2024-3393-dos/m-p/1000103#M2396 Mudhireddy 2025-01-04T20:22:09Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/malicious-traffic-related-to-cve-2024-9472-and-cve-2024-3393-dos/m-p/1000104#M2397 <P>Yup! Yup! I know there’s a fix for these. I’m more interested in what the attack payload is thats causing the NULL pointer bug to trip the process.</P> Sat, 04 Jan 2025 22:34:53 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/malicious-traffic-related-to-cve-2024-9472-and-cve-2024-3393-dos/m-p/1000104#M2397 L.Avendano 2025-01-04T22:34:53Z