Firewall Bug Under Active Attack Triggers CISA Warning
Software running Palo Alto Networks' firewalls is under attack, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue a warning to public and federal IT security teams to apply available fixes.
Any additional attacks exploiting the bug have either not occurred or not been publicly reported.
According to the Palo Alto Networks advisory: "A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series, VM-Series and CN-Series firewall against an attacker-specified target."
This type of attack allows an adversary to magnify the amount of malicious traffic they generate while obscuring the sources of the attack traffic.
A TCP attack of this kind, believed to have been used in the recent Palo Alto Networks attack, occurs when an attacker sends a spoofed SYN packet, with the original source IP replaced by the victim's IP address, to a range of random or pre-selected reflection IP addresses.
The services at the reflection addresses reply with a SYN-ACK packet to the victim of the spoofed attack.
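Seen from the victim's network edge, the reflection described above shows up as SYN-ACKs that answer no SYN the victim ever sent. The following Python is an added example, not code from the article or from Palo Alto Networks; the packet tuple format, the sample data (documentation address ranges) and the thresholds are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample: (timestamp, src_ip, src_port, dst_ip, dst_port, tcp_flags)
# as captured at the victim's edge. "S" = SYN, "SA" = SYN-ACK.
SAMPLE_PACKETS = [
    (0.00, "192.0.2.10", 51000, "198.51.100.5", 443, "S"),   # real outbound SYN
    (0.02, "198.51.100.5", 443, "192.0.2.10", 51000, "SA"),  # its legitimate reply
    (0.10, "203.0.113.7", 80, "192.0.2.10", 40001, "SA"),    # no SYN was sent
    (0.11, "203.0.113.7", 80, "192.0.2.10", 40002, "SA"),
    (0.12, "203.0.113.9", 443, "192.0.2.10", 40003, "SA"),
    (0.13, "203.0.113.7", 80, "192.0.2.10", 40001, "SA"),    # reflector retransmit
]


def unsolicited_synacks(packets, protected_ips):
    """Count SYN-ACKs to protected hosts that match no SYN those hosts sent."""
    pending = set()   # (local_ip, local_port, remote_ip, remote_port)
    hits = Counter()  # reflector IP -> number of unsolicited SYN-ACKs
    for _ts, src, sport, dst, dport, flags in sorted(packets):
        if flags == "S" and src in protected_ips:
            pending.add((src, sport, dst, dport))
        elif flags == "SA" and dst in protected_ips:
            # A genuine SYN-ACK mirrors the 4-tuple of an earlier outbound SYN.
            if (dst, dport, src, sport) not in pending:
                hits[src] += 1
    return hits


def looks_like_reflection(hits, min_packets=3, min_reflectors=2):
    """Heuristic (assumed thresholds): many unsolicited replies, several sources."""
    return sum(hits.values()) >= min_packets and len(hits) >= min_reflectors


if __name__ == "__main__":
    hits = unsolicited_synacks(SAMPLE_PACKETS, {"192.0.2.10"})
    for reflector, count in hits.most_common():
        print(f"{reflector}: {count} unsolicited SYN-ACK(s)")
    print("reflection suspected:", looks_like_reflection(hits))
```

The source addresses it reports are the reflectors, not the attacker, which is why this traffic pattern obscures where the attack really originates.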
News URL
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/