Security News > 2022 > August > Firewall Bug Under Active Attack Triggers CISA Warning
Software running Palo Alto Networks' firewalls is under attack, prompting U.S. Cybersecurity and Infrastructure Security Agency to issue a warning to public and federal IT security teams to apply available fixes.
Any additional attacks exploiting the bug have either not occurred or been publicly reported.
According to Palo Alto Networks advisory; "A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series, VM-Series and CN-Series firewall against an attacker-specified target."
This type of attack allows an adversary to magnify the amount of malicious traffic they generate while obscuring the sources of the attack traffic.
A TCP attack, believed used in the recent Palo Alto Networks attack, is when an attacker sends a spoofed SYN packet, with the original source IP replaced by the victim's IP address, to a range of random or pre-selected reflection IP addresses.
The services at the reflection addresses reply with a SYN-ACK packet to the victim of the spoofed attack.
News URL
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/
Related news
- CISA warns of Microsoft Streaming bug exploited in malware attacks (source)
- CISA: Here’s how you can foil DDoS attacks (source)
- Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400) (source)
- Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks (source)
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days (source)
- Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation (source)
- 22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks (source)
- Week in review: Palo Alto firewalls mitigation ineffective, PuTTY client vulnerable to key recovery attack (source)