June 3, 2023

Threat actors are exploiting a vulnerability, tracked as CVE-2022-0028 a high severity issue in Palo Alto Networks devices running the PAN-OS to launch reflected amplification denial-of-service attacks.

The US CISA also published an advisory waring the product users to remediate the vulnerability.

Advertisements

Palo Alto finds firewalls from multiple vendors are abused to conduct DDoS attacks, but it did not disclose the name of the impacted companies.

The cause of the issue affecting the Palo Alto Network devices is a misconfiguration in the PAN-OS URL filtering policy that allows a network-based attacker to conduct reflected and amplified TCP DoS attacks.

The DoS attack would appear to originate from a Palo Alto Networks PA-Series , VM-Series and CN-Series firewall against a target chosen by the attackers.

This can be exploited if the firewall configuration has a URL filtering profile with one or more blocked categories assigned to a security rule with a source zone that has an external facing network interface.

Advertisements

The flaw can be mitigated by removing the URL filtering policy. This flaw would not impact CIA of Palo Alto Networks products. But the DoS attack may allow threat actors to hide their identity and implicate the firewall as the source of the attack.

Palo Alto recommends enabling only one security feature between packet-based attack protection and flood protection..

Tags:

Leave a Reply

You may have missed

Cisco buys Armorblox

Cisco buys Armorblox

June 3, 2023
CISA KEV Update Part I – May 2023

CISA KEV Update Part I – May 2023

June 3, 2023
Gigabyte Motherboards Backdoor’ed

Gigabyte Motherboards Backdoor’ed

June 3, 2023
MOVEit Vulnerability Exploited in Wild

MOVEit Vulnerability Exploited in Wild

June 2, 2023
CasePoint Suffers a Data Breach

CasePoint Suffers a Data Breach

June 2, 2023
CyberArk Identity Security Web Browser

CyberArk Identity Security Web Browser

June 1, 2023
%d bloggers like this: