September 22, 2023

Threat actors are exploiting a vulnerability, tracked as CVE-2022-0028 a high severity issue in Palo Alto Networks devices running the PAN-OS to launch reflected amplification denial-of-service attacks.

The US CISA also published an advisory waring the product users to remediate the vulnerability.

Advertisements

Palo Alto finds firewalls from multiple vendors are abused to conduct DDoS attacks, but it did not disclose the name of the impacted companies.

The cause of the issue affecting the Palo Alto Network devices is a misconfiguration in the PAN-OS URL filtering policy that allows a network-based attacker to conduct reflected and amplified TCP DoS attacks.

The DoS attack would appear to originate from a Palo Alto Networks PA-Series , VM-Series and CN-Series firewall against a target chosen by the attackers.

This can be exploited if the firewall configuration has a URL filtering profile with one or more blocked categories assigned to a security rule with a source zone that has an external facing network interface.

Advertisements

The flaw can be mitigated by removing the URL filtering policy. This flaw would not impact CIA of Palo Alto Networks products. But the DoS attack may allow threat actors to hide their identity and implicate the firewall as the source of the attack.

Palo Alto recommends enabling only one security feature between packet-based attack protection and flood protection..

Tags:

Leave a Reply

You may have missed

SandMan APT Group in action against Telcos

September 22, 2023

Gold Melody IAB Unsunging for Several Years

September 22, 2023

Apple fixes trio of Zeroday Exploits

September 22, 2023

T-Mobile and Data Breach tightly coupled

September 21, 2023

Cisco Acquires Splunk in a blockbuster deal

September 21, 2023

Atlassian BitBucket and Confluence Vulnerabilities

September 21, 2023
%d bloggers like this: