PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-2550 Palo Alto Networks CVE debrief

A null pointer dereference vulnerability in the GlobalProtect gateway of Palo Alto Networks PAN-OS software allows unauthenticated remote attackers to cause denial of service (DoS) by stopping the GlobalProtect service through a specially crafted packet. Repeated exploitation can force the firewall into maintenance mode. This vulnerability affects Siemens RUGGEDCOM APE1808 devices that incorporate Palo Alto Networks Virtual NGFW. The issue was published on November 22, 2024, and the advisory was last modified on June 10, 2025. A vendor fix is available and requires upgrading to Palo Alto Networks Virtual NGFW V11.1.8.

Vendor: Palo Alto Networks
Product: RUGGEDCOM APE1808
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-11-22
Original CVE updated: 2025-06-10
Advisory published: 2024-11-22
Advisory updated: 2025-06-10

Who should care

Organizations operating Siemens RUGGEDCOM APE1808 devices with Palo Alto Networks Virtual NGFW, particularly in industrial control system (ICS) and operational technology (OT) environments. Security teams responsible for VPN gateway infrastructure, firewall administrators, and OT security practitioners should prioritize this vulnerability due to the unauthenticated attack vector and potential for repeated exploitation to force maintenance mode. Organizations with remote access dependencies on GlobalProtect for critical infrastructure operations face elevated risk from service disruption.

Technical summary

The vulnerability exists in the GlobalProtect gateway component of Palo Alto Networks PAN-OS software. A null pointer dereference can be triggered by an unauthenticated attacker sending a specially crafted packet to the GlobalProtect gateway. Successful exploitation causes the GlobalProtect service to stop, resulting in denial of service. Repeated exploitation attempts can escalate the impact, causing the firewall to enter maintenance mode. The CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H indicates network attack vector, low attack complexity, no privileges required, no user interaction, and high availability impact. This vulnerability is particularly significant in operational technology (OT) environments where Siemens RUGGEDCOM APE1808 devices deploy Palo Alto Networks Virtual NGFW for industrial network protection.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade Palo Alto Networks Virtual NGFW to version 11.1.8 per vendor guidance; contact Palo Alto Networks customer support to obtain patch and update information
  • Monitor GlobalProtect service availability and firewall operational state for unexpected maintenance mode transitions
  • Apply network segmentation to restrict GlobalProtect gateway exposure to authorized sources only
  • Review and implement CISA ICS recommended practices for defense-in-depth strategies
  • Validate that DNS Security logging configurations do not introduce additional attack surface from related vulnerabilities (CVE-2024-3393) documented in subsequent advisory revisions

Evidence notes

CVE description and remediation details are sourced from CISA CSAF advisory ICSA-24-338-02. The CVSS 3.1 score of 7.5 (HIGH) is confirmed. The vendor fix is specified as an upgrade to Palo Alto Networks Virtual NGFW V11.1.8, with customer support as the contact for patch information.
