Firewall Bug Under Active Attack Triggers CISA Warning

Software running Palo Alto Networks' firewalls is under attack, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue a warning to public and federal IT security teams to apply available fixes.
Any additional attacks exploiting the bug have either not occurred or have not been publicly reported.
According to the Palo Alto Networks advisory: "A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series, VM-Series and CN-Series firewall against an attacker-specified target."
This type of attack allows an adversary to magnify the amount of malicious traffic they generate while obscuring the sources of the attack traffic.
A TCP attack, believed to have been used in the recent Palo Alto Networks attack, occurs when an attacker sends a spoofed SYN packet, with the original source IP replaced by the victim's IP address, to a range of random or pre-selected reflection IP addresses.
The services at the reflection addresses reply with a SYN-ACK packet to the victim of the spoofed attack.
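A victim-side view of the SYN/SYN-ACK reflection just described, as an added example that is not from the original article: it flags SYN-ACKs that arrive without a matching outbound SYN and groups them by reflector. The log format, addresses, function names and threshold are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample packet summaries as seen at the victim's edge (not real traffic).
# Assumed format: <epoch> <src_ip>:<src_port> > <dst_ip>:<dst_port> <flags>
# Flags: S = SYN, SA = SYN-ACK. All addresses are documentation ranges.
SAMPLE = """\
1660000000.10 203.0.113.10:40001 > 198.51.100.7:443 S
1660000000.15 198.51.100.7:443 > 203.0.113.10:40001 SA
1660000001.00 192.0.2.20:80 > 203.0.113.10:51234 SA
1660000001.01 192.0.2.20:80 > 203.0.113.10:51235 SA
1660000001.02 192.0.2.20:80 > 203.0.113.10:51236 SA
1660000001.03 192.0.2.21:443 > 203.0.113.10:51237 SA
"""

def parse(line):
    """Split one summary line into (ts, src_ip, src_port, dst_ip, dst_port, flags)."""
    ts, src, _, dst, flags = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return float(ts), sip, int(sport), dip, int(dport), flags

def unsolicited_synacks(lines, local_ips, threshold=3):
    """Return {reflector_ip: count} for SYN-ACKs sent to a local address that
    never sent the corresponding SYN, keeping sources at or above threshold."""
    pending = set()          # half-open handshakes that a local host started
    unsolicited = Counter()  # SYN-ACKs nobody on our side asked for, per source
    for line in lines:
        if not line.strip():
            continue
        _, sip, sport, dip, dport, flags = parse(line)
        if flags == "S" and sip in local_ips:
            pending.add((sip, sport, dip, dport))
        elif flags == "SA" and dip in local_ips:
            key = (dip, dport, sip, sport)  # the SYN this SYN-ACK would answer
            if key in pending:
                pending.discard(key)        # legitimate handshake reply
            else:
                unsolicited[sip] += 1       # reply to a SYN we never sent
    return {ip: n for ip, n in unsolicited.items() if n >= threshold}

if __name__ == "__main__":
    # Note: capture loss or asymmetric routing can hide the outbound SYN
    # and produce false positives, so treat hits as leads to investigate.
    print(unsolicited_synacks(SAMPLE.splitlines(), {"203.0.113.10"}))
```

The source addresses it reports are the reflectors, not the attacker, since the spoofed SYNs never reach the victim.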
News URL
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/