Security News > 2022 > August > Palo Alto bug used for DDoS attacks and there's no fix yet

Palo Alto bug used for DDoS attacks and there's no fix yet
2022-08-12 23:17

A high-severity Palo Alto Networks denial-of-service vulnerability has been exploited by miscreants looking to launch DDoS attacks, and several of the affected products won't have a patch until next week.

The vulnerability, tracked as CVE-2022-0028, received an 8.6 out of 10 CVSS score, and it affects PAN OS, the operating system in Palo Alto Networks' network security products.

Panorama M-Series or Panorama virtual appliances, and Palo Alto Networks, have already had the issue fixed for cloud-based firewall and Prisma Access customers.

Palo Alto Networks patched PAN-OS version 10.1.6-h6 and all later PAN-OS versions for its PA-Series, VM-Series and CN-Series firewalls.

The bug is caused by a URL filtering policy misconfiguration that could allow an external attacker with network access to conduct reflected and amplified TCP denial-of-service attacks, according to Palo Alto Networks' security advisory.

While waiting for a patch, Palo Alto Networks does recommend some workarounds.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/08/12/palo_alto_bug/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-08-10 CVE-2022-0028 Unspecified vulnerability in Paloaltonetworks Pan-Os
A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.
network
low complexity
paloaltonetworks
8.6