**Update 8/24/2022 - If unable to apply Palo hotfix, ensure packet-based attack protection is configured to mitigate.**
On Monday, CISA added CVE-2022-0028 to its Known Exploited Vulnerabilities Catalog. The CVE is a URL Filtering policy misconfiguration that could allow an unauthenticated external attacker to initiate a reflective DoS (RDOS) attack.
Since this misconfiguration is likely applied to most Palo Alto firewalls, network admins should spend a few minutes reviewing their configs or applying the zone protections that Palo lists as other mitigations. The easiest check is to look at any untrust/ingress zones for interfaces with security policies that have URL filtering applied. Since URL filtering is outbound, remove this security profile from those security policies.
https://security.paloaltonetworks.com/CVE-2022-0028
"If exploited, this issue would not impact the confidentiality, integrity, or availability of our products," Palo Alto Networks said in an alert. "However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack."
The weakness impacts the following product versions and has been addressed as part of updates released this month:
- PAN-OS 10.2 (version < 10.2.2-h2)
- PAN-OS 10.1 (version < 10.1.6-h6)
- PAN-OS 10.0 (version < 10.0.11-h1)
- PAN-OS 9.1 (version < 9.1.14-h4)
- PAN-OS 9.0 (version < 9.0.16-h3), and
- PAN-OS 8.1 (version < 8.1.23-h1)
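
To triage a fleet against the list above, the following added example (not code from Palo Alto or from the original post) compares a reported PAN-OS version with the fixed release of its branch. It assumes version strings of the form `major.minor.maintenance[-hN]`; the function names and the inventory are hypothetical.

```python
import re

# First fixed release per PAN-OS branch, copied from the list above.
FIXED = {
    "10.2": "10.2.2-h2",
    "10.1": "10.1.6-h6",
    "10.0": "10.0.11-h1",
    "9.1": "9.1.14-h4",
    "9.0": "9.0.16-h3",
    "8.1": "8.1.23-h1",
}

# Assumed format: major.minor.maintenance with an optional -hN hotfix suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Return (major, minor, maintenance, hotfix); no -hN suffix means hotfix 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def needs_fix(version):
    """True if below the fixed release of its branch, False if at or above it,
    None if the branch is not in the list (the page says nothing about it)."""
    parsed = parse_version(version)
    branch = f"{parsed[0]}.{parsed[1]}"
    if branch not in FIXED:
        return None
    # Tuple comparison orders by maintenance release first, then hotfix number.
    return parsed < parse_version(FIXED[branch])


if __name__ == "__main__":
    # Constructed inventory for illustration, not real devices.
    inventory = {"fw-edge-01": "10.1.6-h3", "fw-edge-02": "10.1.6-h6",
                 "fw-dc-01": "9.1.14", "fw-lab-01": "10.2.3", "fw-old-01": "8.0.20"}
    labels = {True: "UPDATE NEEDED", False: "fixed", None: "branch not listed"}
    for host, version in inventory.items():
        print(f"{host:12} {version:12} {labels[needs_fix(version)]}")
```

A maintenance release without a hotfix suffix (for example `9.1.14`) sorts below `9.1.14-h4` and is reported as needing the update.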