Scroll Top
19th Ave New York, NY 95822, USA
+1 916-875-223-5968
Join Now

CISA: high-severity PAN-OS DDoS flaw used in attacks

CISA
August 23, 2022

A recent vulnerability found in Palo Alto Networks’ PAN-OS has been added to the catalog of Known Exploitable Vulnerabilities from the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

The security issue is a high-severity risk identified as CVE-2022-0028 that allows a remote threat actor to deploy reflected and amplified denial-of-service (DoS) attacks without having to authenticate.

Certain conditions apply

Several PAN-OS versions powering PA-Series, VM-Series, and CN-Series devices are vulnerable to CVE-2022-0028 and Palo Alto Networks has released patches for all of them.

While exploiting the flaw can only cause a DoS condition on the affected device, it has already been used for at least one attack.

In a security advisory on August 12, Palo Alto Networks says that they became aware of the issue after receiving an alert about an attempted reflected denial-of-service (RDoS) attack through one of its products.

According to the vendor, a threat actor exploiting the issue could hide their original IP address, making remediation a more difficult task.

PAN-OS

CISA is warning federal agencies that they should apply available fixes by September 9 and is using the following summary to describe it:

A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.

Palo Alto Networks that CVE-2022-0028 is exploitable only under certain conditions, which are not part of a common firewall configuration:

  • The security policy on the firewall that allows traffic to pass from Zone A to Zone B includes a URL filtering profile with one or more blocked categories
  • Packet-based attack protection is not enabled in a Zone Protection profile for Zone A, including both (Packet Based Attack Protection > TCP Drop > TCP Syn With Data) and (Packet Based Attack Protection > TCP Drop > Strip TCP Options > TCP Fast Open)
  • Flood protection through SYN cookies is not enabled in a Zone Protection profile for Zone A (Flood Protection > SYN > Action > SYN Cookie) with an activation threshold of 0 connections

If organizations with vulnerable devices cannot apply the most recent updates immediately, they can use the following guide from the vendor as a workaround until fixes can be installed.

The current catalog of Known Exploitable Vulnerabilities from CISA lists 802 security issues that organizations around the world could use to improve their defenses.

Source: www.bleepingcomputer.com

Related Posts

Cisco: 4 critical bugs with public exploit code affect multiple Small Business Series Switches

Cisco warned customers today of four critical remote code execution vulnerabilities with public exploit code affecting multiple Small Business Series…

18 May 2023
CISA adds 15 bugs to the “Known Exploited Vulnerabilities Catalog”

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen additional flaws to its list of actively exploited vulnerabilities…

17 Mar 2022
MOVEit Transfer: New SQL injection vulnerability was shared online

Progress warned MOVEit Transfer customers to restrict all HTTP access to their environments after info on a new SQL injection (SQLi)…

16 Jun 2023
Microsoft: Critical flaws could give attackers root privileges on Linux desktops

Microsoft has discovered vulnerabilities in system components commonly used on Linux desktops that could allow an attacker to elevate privileges…

27 Apr 2022
Tatsu WordPress plugin: Critical bug exploited by hackers

Hackers are massively exploiting a remote code execution vulnerability, CVE-2021-25094, in the Tatsu Builder plugin for WordPress, which is installed on…

18 May 2022
Hackers exploit flaw in Control Web Panel to open reverse shells

Hackers are actively exploiting a critical vulnerability patched recently in Control Web Panel (CWP), a tool for managing servers formerly…

13 Jan 2023
WordPress force installs security patch to address a bug in the Jetpack WordPress plug-in

Automattic, the company behind the open-source WordPress content management system, has started force installing a security patch on millions of…

31 May 2023
GitLab recommends patching critical vulnerability

GitLab is urging users to install a security update for branches 15.1, 15.2, and 15.3 of its community and enterprise…

25 Aug 2022
Linux vulnerability gives root privileges on all major distros

A new Linux vulnerability known as ‘Dirty Pipe’ allows local users to gain root privileges through publicly available exploits. Today,…

08 Mar 2022
New SLP vulnerability can lead to massive DDoS attacks with 2,200X amplification

A new reflective Denial-of-Service (DoS) amplification vulnerability in the Service Location Protocol (SLP) allows threat actors to launch massive denial-of-service…

26 Apr 2023
A big number of critical bugs in WordPress plugins don’t get a patch

Patchstack, a leader in WordPress security and threat intelligence, has released a whitepaper to present the state of WordPress security…

10 Mar 2022
VMware patches Spring4Shell vulnerability in multiple products

VMware has published security updates for the critical remote code execution vulnerability known as Spring4Shell, which impacts several of its…

05 Apr 2022
Git patches two critical security vulnerabilities

Git has patched two critical severity security vulnerabilities that could allow attackers to execute arbitrary code after successfully exploiting heap-based…

18 Jan 2023
Critical PHP vulnerability exposes QNAP NAS devices to RCE attacks

QNAP has warned customers today that some of its Network Attached Storage (NAS) devices (with non-default configurations) are vulnerable to…

23 Jun 2022
Microsoft February 2023 Patch Tuesday fixes over 75 flaws

Today is Microsoft’s February 2023 Patch Tuesday, and security updates fix three actively exploited zero-day vulnerabilities and a total of…

15 Feb 2023