September 22, 2023

Threat actors are exploiting a vulnerability, tracked as CVE-2022-0028 a high severity issue in Palo Alto Networks devices running the PAN-OS to launch reflected amplification denial-of-service attacks.

The US CISA also published an advisory waring the product users to remediate the vulnerability.


Palo Alto finds firewalls from multiple vendors are abused to conduct DDoS attacks, but it did not disclose the name of the impacted companies.

The cause of the issue affecting the Palo Alto Network devices is a misconfiguration in the PAN-OS URL filtering policy that allows a network-based attacker to conduct reflected and amplified TCP DoS attacks.

The DoS attack would appear to originate from a Palo Alto Networks PA-Series , VM-Series and CN-Series firewall against a target chosen by the attackers.

This can be exploited if the firewall configuration has a URL filtering profile with one or more blocked categories assigned to a security rule with a source zone that has an external facing network interface.


The flaw can be mitigated by removing the URL filtering policy. This flaw would not impact CIA of Palo Alto Networks products. But the DoS attack may allow threat actors to hide their identity and implicate the firewall as the source of the attack.

Palo Alto recommends enabling only one security feature between packet-based attack protection and flood protection..

Leave a Reply

%d bloggers like this: