The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
The high-severity vulnerability, tracked as CVE-2022-0028 (CVSS score: 8.6), is a URL filtering policy misconfiguration that could allow an unauthenticated, remote attacker to carry out reflected and amplified TCP denial-of-service (DoS) attacks.
“If exploited, this issue would not impact the confidentiality, integrity, or availability of our products,” Palo Alto Networks said in an alert. “However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack.”
The weakness affects the following product versions and has been addressed as part of updates released this month –
- PAN-OS 10.2 (version < 10.2.2-h2)
- PAN-OS 10.1 (version < 10.1.6-h6)
- PAN-OS 10.0 (version < 10.0.11-h1)
- PAN-OS 9.1 (version < 9.1.14-h4)
- PAN-OS 9.0 (version < 9.0.16-h3), and
- PAN-OS 8.1 (version < 8.1.23-h1)
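Checking a fleet against that list means comparing PAN-OS version strings, including their `-hN` hotfix suffix, against the fixed release on each train. The helper below is an added example and not Palo Alto Networks' or CISA's code; the host inventory in it is constructed, and the comparison assumes the advisory's semantics that every release on a listed train sorting below the stated hotfix is affected, while trains not in the list (for example a later major release) are reported as "not listed" rather than guessed at.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed releases taken from the affected-version list above. Any release on the
# same major.minor train that sorts below the listed hotfix is affected.
FIXED_RELEASES: Dict[Tuple[int, int], str] = {
    (10, 2): "10.2.2-h2",
    (10, 1): "10.1.6-h6",
    (10, 0): "10.0.11-h1",
    (9, 1): "9.1.14-h4",
    (9, 0): "9.0.16-h3",
    (8, 1): "8.1.23-h1",
}

# major.minor.maintenance with an optional -hN hotfix suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Parse a PAN-OS version such as '10.1.6-h6' into a sortable tuple.

    A base release with no hotfix suffix sorts as hotfix 0, i.e. below '-h1',
    which is what makes '10.2.2' < '10.2.2-h2' come out as affected.
    Strings that are not plain release versions raise ValueError.
    """
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, maint, hotfix = match.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def is_affected(version: str) -> Optional[bool]:
    """True if the version is below the fix on its train, False if at or above it,
    None if the train does not appear in the advisory's list."""
    parsed = parse_version(version)
    fixed = FIXED_RELEASES.get(parsed[:2])
    if fixed is None:
        return None
    return parsed < parse_version(fixed)


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Classify each (hostname -> version) pair as affected / fixed / not listed."""
    labels = {True: "affected", False: "fixed", None: "not listed"}
    return [(host, ver, labels[is_affected(ver)]) for host, ver in inventory.items()]


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "fw-edge-01": "10.2.2-h1",
    "fw-edge-02": "10.2.2-h2",
    "fw-dc-01": "9.1.14",
    "fw-branch-07": "8.1.22",
    "fw-lab-01": "11.0.0",
}

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE_INVENTORY):
        print(f"{host:14} {ver:12} {status}")
```

The hotfix-aware ordering is the part that is easy to get wrong: a naive string compare or a `major.minor.maintenance`-only compare would report `10.2.2` as fixed because it matches the fixed release's numeric prefix, when the advisory requires the `-h2` hotfix on that train.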
The networking equipment maker said it discovered the vulnerability after being notified that susceptible firewall appliances from different vendors, including Palo Alto Networks, were being used as part of an attempted reflected denial-of-service (RDoS) attack.
In light of active exploitation, customers of affected products are advised to apply the relevant patches to mitigate potential threats. Federal Civilian Executive Branch (FCEB) agencies are mandated to update to the latest version by September 12, 2022.