Threat actors are exploiting a vulnerability, tracked as CVE-2022-0028, a high-severity issue in Palo Alto Networks devices running PAN-OS, to launch reflected amplification denial-of-service attacks.
PAN-OS DDOS flaw
The root cause of the issue affecting Palo Alto Networks devices is a misconfiguration in the PAN-OS URL filtering policy that allows a network-based attacker to conduct reflected and amplified TCP denial-of-service (DoS) attacks.
The DoS traffic would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual), or CN-Series (container) firewall and be directed against a target chosen by the attacker.
The flaw can be exploited only if the firewall configuration has a URL filtering profile with one or more blocked categories assigned to a security rule with a source zone.
The issue applies to PA-Series, VM-Series, and CN-Series firewalls when packet-based attack protection and flood protection are not enabled.
Palo Alto Networks stated that exploitation of this vulnerability does not compromise the confidentiality, integrity, or availability of the firewall itself.
- To date, Palo Alto Networks has addressed the vulnerability only in PAN-OS 10.1, with the release of version 10.1.6-h6.
- Palo Alto Networks recommends that customers waiting for updates remove any firewall configurations with a security rule that contains a URL filtering policy with one or more blocked categories.
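The two preconditions above (a URL filtering profile with at least one blocked category on a security rule, and the rule's source zone lacking packet-based attack protection and flood protection) can be audited mechanically. The following is an added example, not code from the article or from Palo Alto Networks: it models a policy as a plain Python dict (an assumed layout, not PAN-OS's native configuration format), flags rules that match the preconditions, and applies the interim workaround of enabling both protections on the affected zones; removing the blocking URL filtering profile from the rule, as recommended above, is the other option.

```python
from copy import deepcopy

# Constructed sample policy. The dict layout is an assumption made for this
# example, not PAN-OS's native configuration format.
SAMPLE_CONFIG = {
    "url_filtering_profiles": {
        "block-risky": {"block": ["malware", "phishing"]},
        "alert-only": {"block": []},
    },
    "zone_protection_profiles": {
        "zpp-strict": {"flood_protection": True, "packet_based_attack_protection": True},
        "zpp-flood-only": {"flood_protection": True, "packet_based_attack_protection": False},
    },
    "zones": {
        "untrust": {"zone_protection": None},
        "dmz": {"zone_protection": "zpp-strict"},
        "guest": {"zone_protection": "zpp-flood-only"},
    },
    "security_rules": [
        {"name": "inbound-untrust", "from": ["untrust"], "url_filtering": "block-risky"},
        {"name": "inbound-dmz", "from": ["dmz"], "url_filtering": "block-risky"},
        {"name": "guest-web", "from": ["guest"], "url_filtering": "block-risky"},
        {"name": "untrust-alert", "from": ["untrust"], "url_filtering": "alert-only"},
    ],
}

def zone_is_protected(cfg, zone):
    """True only when BOTH flood protection and packet-based attack protection are on."""
    zpp = cfg["zones"][zone]["zone_protection"]
    if zpp is None:
        return False
    prof = cfg["zone_protection_profiles"][zpp]
    return prof["flood_protection"] and prof["packet_based_attack_protection"]

def find_exposed_rules(cfg):
    """Rules whose URL filtering profile blocks >= 1 category and whose source zone is unprotected."""
    profs = cfg["url_filtering_profiles"]
    return [r["name"] for r in cfg["security_rules"]
            if profs.get(r["url_filtering"], {}).get("block")
            and any(not zone_is_protected(cfg, z) for z in r["from"])]

def mitigate(cfg, zpp="zpp-strict"):
    """Workaround: attach a profile with both protections to every exposed source zone."""
    fixed = deepcopy(cfg)
    exposed = set(find_exposed_rules(cfg))
    for rule in fixed["security_rules"]:
        if rule["name"] in exposed:
            for z in rule["from"]:
                if not zone_is_protected(fixed, z):
                    fixed["zones"][z]["zone_protection"] = zpp
    return fixed
```

Note that a profile with flood protection alone (the `guest` zone here) still leaves the rule exposed; the check requires both protections, matching the conditions stated above.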