
**Update 8/24/2022:** If you are unable to apply the Palo Alto hotfix, ensure packet-based attack protection is configured as a mitigation.

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/zone-protection-and-dos-protection/configure-zone-protection-to-increase-network-security/configure-packet-based-attack-protection

On Monday, CISA added CVE-2022-0028 to its Known Exploited Vulnerabilities Catalog.  The CVE is a URL Filtering policy misconfiguration that could allow an unauthenticated external attacker to initiate a reflective DoS (RDOS) attack.  

Since this misconfiguration is likely present on most Palo Alto firewalls, network admins should spend a few minutes reviewing their configs or applying the zone protections that Palo Alto lists as additional mitigations. The easiest check is to look at any untrust/ingress zones and find the security policies on their interfaces that have URL filtering applied. Since URL filtering is meant for outbound traffic, remove this security profile from those security policies.
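The check described above can be run offline against an exported configuration. The following is an added example, not code from this post or from Palo Alto Networks. It assumes the element layout of a PAN-OS XML config export, covers only per-vsys rulebases, and uses constructed zone, rule and profile names (`untrust`, `inbound-web`, `strict-url`, `pg-web`) and hypothetical function names.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element layout assumed to follow a PAN-OS XML config export.
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
  <profile-group>
    <entry name="pg-web"><url-filtering><member>strict-url</member></url-filtering></entry>
  </profile-group>
  <rulebase><security><rules>
    <entry name="inbound-web">
      <from><member>untrust</member></from><to><member>dmz</member></to>
      <profile-setting><profiles><url-filtering><member>strict-url</member></url-filtering></profiles></profile-setting>
    </entry>
    <entry name="inbound-vpn">
      <from><member>untrust</member></from><to><member>trust</member></to>
      <profile-setting><group><member>pg-web</member></group></profile-setting>
    </entry>
    <entry name="outbound-web">
      <from><member>trust</member></from><to><member>untrust</member></to>
      <profile-setting><profiles><url-filtering><member>strict-url</member></url-filtering></profiles></profile-setting>
    </entry>
  </rules></security></rulebase>
</entry></vsys></entry></devices></config>
"""

def members(node, path):
    """Return the text of every <member> under a relative path."""
    return [m.text for m in node.findall(path + "/member")]

def audit_url_filtering(config_xml, external_zones=("untrust",)):
    """List (vsys, rule, url_profile) for rules sourced from an external zone."""
    findings = []
    for vs in ET.fromstring(config_xml.strip()).findall(".//vsys/entry"):
        # Map each profile-group name to the URL filtering profiles it carries.
        groups = {g.get("name"): members(g, "url-filtering")
                  for g in vs.findall("profile-group/entry")}
        for rule in vs.findall("rulebase/security/rules/entry"):
            zones = set(members(rule, "from"))
            if "any" not in zones and not zones & set(external_zones):
                continue  # rule does not match traffic from an external zone
            profiles = members(rule, "profile-setting/profiles/url-filtering")
            for grp in members(rule, "profile-setting/group"):
                profiles += groups.get(grp, [])
            findings += [(vs.get("name"), rule.get("name"), p) for p in profiles]
    return findings

if __name__ == "__main__":
    for vsys, rule, profile in audit_url_filtering(SAMPLE_CONFIG):
        print(f"{vsys}: rule '{rule}' from external zone uses URL filtering profile '{profile}'")
```

Pass the names of your own external-facing zones in `external_zones`; rules with source zone `any` are reported as well because they also match traffic from those zones.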


https://security.paloaltonetworks.com/CVE-2022-0028

"If exploited, this issue would not impact the confidentiality, integrity, or availability of our products," Palo Alto Networks said in an alert. "However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack."

The weakness impacts the following product versions and has been addressed as part of updates released this month -

  • PAN-OS 10.2 (version < 10.2.2-h2)
  • PAN-OS 10.1 (version < 10.1.6-h6)
  • PAN-OS 10.0 (version < 10.0.11-h1)
  • PAN-OS 9.1 (version < 9.1.14-h4)
  • PAN-OS 9.0 (version < 9.0.16-h3), and
  • PAN-OS 8.1 (version < 8.1.23-h1)


