CISA Adds Palo Alto Networks PAN-OS Vulnerability to Catalog

The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw affecting Palo Alto Networks PAN-OS to its catalog of known exploited vulnerabilities.

Tracked as CVE-2022-0028, the vulnerability carries a CVSS score of 8.6 and stems from a misconfiguration of the PAN-OS URL Filtering policy that could allow an unauthenticated, network-based attacker to carry out reflected and amplified TCP denial-of-service (DoS) attacks against a target of the attacker's choosing.

“To be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a security rule with a source zone that has an external network interface,” Palo Alto Networks said earlier this month.

“This configuration is not typical for URL filtering and, if set, is likely unintentional on the part of the administrator.”

The company also confirmed that, if exploited, the issue would not affect the confidentiality, integrity or availability of the firewall itself; the victim is the third party whose address is spoofed in the reflected traffic.

“However, the resulting denial of service (DoS) attack may help obscure the identity of the attacker and implicate the firewall as the source of the attack,” Palo Alto Networks wrote.

The flaw has now been patched by the company, but before issuing a fix, Palo Alto Networks confirmed that a reflected denial-of-service (RDoS) attack attempt had been identified by a service provider.

“This attempted attack took advantage of susceptible firewalls from multiple vendors, including Palo Alto Networks. We immediately started to find the root cause and fix this issue.”

To prevent DoS attacks stemming from this issue on unpatched devices, the company advised administrators to enable one of two Zone Protection mitigations (Packet-Based Attack Protection or Flood Protection) on all security zones that have an assigned security policy including a URL filtering profile.
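Before applying the mitigation, an administrator needs to know which security rules actually match the condition Palo Alto Networks described: a URL filtering profile that blocks at least one category, attached to a rule whose source zone is internet-facing. The script below is an added example written for this article, not code from Palo Alto Networks. It audits a PAN-OS configuration export for that pattern, resolving profile groups as well as directly attached profiles and skipping disabled rules. Its assumptions are labelled: the XML paths approximate the PAN-OS running-config layout, the sample configuration is constructed rather than taken from a real device, and the caller supplies the list of external zone names, since the configuration alone does not say which interfaces face the internet (a source zone of `any` is treated as external).

```python
"""Audit a PAN-OS config export for the CVE-2022-0028 exposure pattern.

Added example, not Palo Alto Networks code. Assumptions: the XML paths below
approximate the PAN-OS running-config layout, and the caller names the
external-facing zones (the config does not say which interfaces face the
internet). SAMPLE_CONFIG is a constructed configuration, not a device export.
"""
import xml.etree.ElementTree as ET

# Constructed sample (not a real export). Rules 1 and 4 should be flagged when
# "untrust" is external: rule 2 has an internal source zone, rule 3 uses a
# profile that only alerts, and rule 5 is disabled.
SAMPLE_CONFIG = """<config><devices><entry name="localhost.localdomain">
<vsys><entry name="vsys1">
  <profiles><url-filtering>
    <entry name="block-malware"><block><member>malware</member>
      <member>command-and-control</member></block></entry>
    <entry name="alert-only"><alert><member>malware</member></alert></entry>
  </url-filtering></profiles>
  <profile-group><entry name="standard">
    <url-filtering><member>block-malware</member></url-filtering>
  </entry></profile-group>
  <rulebase><security><rules>
    <entry name="inbound-from-internet">
      <from><member>untrust</member></from><to><member>dmz</member></to>
      <profile-setting><profiles><url-filtering><member>block-malware</member>
      </url-filtering></profiles></profile-setting></entry>
    <entry name="outbound-web">
      <from><member>trust</member></from><to><member>untrust</member></to>
      <profile-setting><profiles><url-filtering><member>block-malware</member>
      </url-filtering></profiles></profile-setting></entry>
    <entry name="inbound-alert-only">
      <from><member>untrust</member></from><to><member>dmz</member></to>
      <profile-setting><profiles><url-filtering><member>alert-only</member>
      </url-filtering></profiles></profile-setting></entry>
    <entry name="inbound-any-zone">
      <from><member>any</member></from><to><member>dmz</member></to>
      <profile-setting><group><member>standard</member></group></profile-setting>
    </entry>
    <entry name="inbound-disabled"><disabled>yes</disabled>
      <from><member>untrust</member></from><to><member>dmz</member></to>
      <profile-setting><profiles><url-filtering><member>block-malware</member>
      </url-filtering></profiles></profile-setting></entry>
  </rules></security></rulebase>
</entry></vsys></entry></devices></config>"""

VSYS_PATH = "./devices/entry/vsys/entry"  # assumed layout of a PAN-OS export


def _members(node, path):
    """Text of every <member> under node/path; empty list if node is missing."""
    if node is None:
        return []
    return [m.text.strip() for m in node.findall(path) if m.text]


def blocking_url_profiles(vsys):
    """Names of URL filtering profiles that block at least one category."""
    return {
        prof.get("name")
        for prof in vsys.findall("./profiles/url-filtering/entry")
        if _members(prof, "./block/member")
    }


def rule_url_profiles(vsys, rule):
    """URL filtering profiles a rule applies, directly or via a profile group."""
    profs = set(_members(rule, "./profile-setting/profiles/url-filtering/member"))
    for group in _members(rule, "./profile-setting/group/member"):
        grp = vsys.find(f"./profile-group/entry[@name='{group}']")
        profs.update(_members(grp, "./url-filtering/member"))
    return profs


def find_exposed_rules(config_xml, external_zones):
    """Return (vsys, rule, profile) triples matching the advisory's condition:
    an enabled rule whose source zone is external (or 'any') that applies a
    URL filtering profile with one or more blocked categories."""
    root = ET.fromstring(config_xml)
    external = set(external_zones)
    findings = []
    for vsys in root.findall(VSYS_PATH):
        blocking = blocking_url_profiles(vsys)
        for rule in vsys.findall("./rulebase/security/rules/entry"):
            disabled = rule.find("./disabled")
            if disabled is not None and (disabled.text or "").strip() == "yes":
                continue
            sources = set(_members(rule, "./from/member"))
            if not (sources & external or "any" in sources):
                continue
            for prof in sorted(rule_url_profiles(vsys, rule) & blocking):
                findings.append((vsys.get("name"), rule.get("name"), prof))
    return findings


if __name__ == "__main__":
    for vsys, rule, prof in find_exposed_rules(SAMPLE_CONFIG, ["untrust"]):
        print(f"{vsys}: rule '{rule}' applies blocking URL profile '{prof}' to external traffic")
```

Each rule the script reports is one where the URL filtering profile should be reviewed (inbound rules rarely need one at all) and where Zone Protection should be enabled on the source zone until the firewall is patched. A rule that uses `any` as its source zone is flagged deliberately, because it covers the external zone even though the zone name never appears in the rule.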

News of the patch and of the catalog addition comes weeks after security researchers at Palo Alto Networks spotted a new Cloaked Ursa campaign abusing DropBox and Google Drive accounts.