Palo Alto Networks: New PAN-OS DDoS flaw exploited in attacks

Palo Alto Networks has issued a security advisory warning of an actively exploited high-severity vulnerability impacting PAN-OS, the operating system used by the company's networking hardware products.
The issue, tracked as CVE-2022-0028, is a URL filtering policy misconfiguration that could allow an unauthenticated, remote attacker to carry out amplified TCP denial-of-service attacks.
Using the vulnerability, a hacker could enlist a Palo Alto Networks PAN-OS device for DDoS attacks, obfuscating the original IP of the threat actor and making remediation more challenging.
Threat actors could use these attacks for various malicious purposes, such as extortion or disrupting a company's business operations.
Palo Alto Networks states that it discovered this vulnerability after being notified that one of its devices was being used as part of an attempted reflected denial-of-service (RDoS) attack, meaning that the bug is actively used in attacks.
While a misconfiguration is required to remotely use a PAN-OS device to perform RDoS attacks, Palo Alto Networks is fixing the bug to prevent it from being abused both remotely and internally.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-10 | CVE-2022-0028 | Unspecified vulnerability in Paloaltonetworks Pan-Os. A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. | 8.6 |