CISA Adds Palo Alto Networks’ PAN-OS Vulnerability to Catalog

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw affecting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog on Monday.

    Tracked as CVE-2022-0028, the vulnerability carries a CVSS score of 8.6 and stems from a misconfiguration of the PAN-OS URL filtering policy that could allow an unauthenticated, network-based attacker to carry out reflected and amplified TCP denial-of-service (DoS) attacks.

    “To be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a security rule with a source zone that has an external facing network interface,” Palo Alto Networks said earlier this month.

    “This configuration is not typical for URL filtering and, if set, is likely unintended by the administrator.”

    The company also confirmed that, if exploited, the issue would not affect the confidentiality, integrity, or availability of its products.

    “However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack,” Palo Alto Networks wrote.

    The company has since patched the flaw. Before the patch was issued, Palo Alto Networks confirmed that a service provider had identified an attempted reflected denial-of-service (RDoS) attack.

    “This attempted attack took advantage of susceptible firewalls from multiple vendors, including Palo Alto Networks. We immediately started to root cause and remediate this issue.”

    To prevent DoS attacks stemming from this issue, whatever their source, the company advised system administrators to enable one of the two zone protection mitigations on all security zones that have an assigned security policy including a URL filtering profile.

    The news of the vulnerability being patched and added to CISA’s catalog comes weeks after Palo Alto Networks’ security researchers spotted a new Cloaked Ursa campaign against Dropbox and Google Drive accounts.