Security News > 2022 > August > Firewall Bug Under Active Attack Triggers CISA Warning
Software running Palo Alto Networks' firewalls is under attack, prompting U.S. Cybersecurity and Infrastructure Security Agency to issue a warning to public and federal IT security teams to apply available fixes.
Any additional attacks exploiting the bug have either not occurred or been publicly reported.
According to Palo Alto Networks advisory; "A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series, VM-Series and CN-Series firewall against an attacker-specified target."
This type of attack allows an adversary to magnify the amount of malicious traffic they generate while obscuring the sources of the attack traffic.
A TCP attack, believed used in the recent Palo Alto Networks attack, is when an attacker sends a spoofed SYN packet, with the original source IP replaced by the victim's IP address, to a range of random or pre-selected reflection IP addresses.
The services at the reflection addresses reply with a SYN-ACK packet to the victim of the spoofed attack.
News URL
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/
Related news
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- CISA warns of more Palo Alto Networks bugs exploited in attacks (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
- CISA tags Progress Kemp LoadMaster flaw as exploited in attacks (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- US names Chinese national it alleges was behind 2020 attack on Sophos firewalls (source)