Palo Alto Networks: New PAN-OS DDoS flaw exploited in attacks


Threat actors are exploiting CVE-2022-0028, a high-severity vulnerability in Palo Alto Networks devices running PAN-OS, to launch reflected amplification denial-of-service attacks.

PAN-OS DDoS flaw

The root cause of the issue affecting Palo Alto Networks devices is a misconfiguration in the PAN-OS URL filtering policy that allows a network-based attacker to conduct reflected and amplified TCP DoS attacks.

The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against a target chosen by the attackers.

This can be exploited if the firewall configuration has a URL filtering profile with one or more blocked categories assigned to a security rule with a source zone.

This issue applies to PA-Series, VM-Series, and CN-Series firewalls when packet-based attack protection and flood protection are not enabled.

Palo Alto disclosed that exploitation of this vulnerability will not compromise the confidentiality, integrity, or availability of the firewall itself.

Recommendation

  • To date, Palo Alto Networks has addressed the vulnerability only in PAN-OS 10.1, with the release of platform version 10.1.6-h6.
  • Palo Alto recommends those waiting for updates remove any router configurations with a security rule that contains a URL filtering policy with one or more.
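
The exposure conditions and the fixed release described above can be checked against a firewall inventory. This is an added example, not code from Palo Alto Networks or the original article; the dictionary layout and field names are hypothetical (not a PAN-OS export format), and the sample inventory is constructed.

```python
import re

FIXED = (10, 1, 6, 6)  # PAN-OS 10.1.6-h6, the only fixed release the article names

def parse_version(v):
    """'10.1.6-h6' -> (10, 1, 6, 6); a release without a hotfix gets hotfix 0."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {v!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_patched(v):
    ver = parse_version(v)
    # Per the article only the 10.1 train has a fix; other trains count as unpatched.
    return ver[:2] == FIXED[:2] and ver >= FIXED

def exposed_rules(fw):
    """Names of security rules that match the exposure conditions in the article."""
    if is_patched(fw["version"]):
        return []
    hits = []
    for rule in fw["rules"]:
        src = rule.get("source_zone")
        blocked = rule.get("url_filtering_blocked_categories", [])
        zone = fw["zones"].get(src, {})
        # Assumption (conservative reading): a zone counts as protected only
        # when BOTH packet-based attack protection and flood protection are on.
        protected = bool(zone.get("packet_based_attack_protection")
                         and zone.get("flood_protection"))
        if src and blocked and not protected:
            hits.append(rule["name"])
    return hits

# Constructed inventory for illustration (hypothetical field names).
SAMPLE = {
    "version": "10.1.6-h3",
    "zones": {
        "untrust": {"packet_based_attack_protection": False, "flood_protection": False},
        "partner": {"packet_based_attack_protection": True, "flood_protection": False},
        "dmz": {"packet_based_attack_protection": True, "flood_protection": True},
    },
    "rules": [
        {"name": "block-bad-urls", "source_zone": "untrust",
         "url_filtering_blocked_categories": ["gambling"]},
        {"name": "allow-plain", "source_zone": "untrust"},
        {"name": "partner-filter", "source_zone": "partner",
         "url_filtering_blocked_categories": ["malware"]},
        {"name": "dmz-filter", "source_zone": "dmz",
         "url_filtering_blocked_categories": ["malware"]},
    ],
}

if __name__ == "__main__":
    print(exposed_rules(SAMPLE))
```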


About the Author:

FirstHackersNews- Identifies Security
