- CISA has made a warning regarding the vulnerability that exists on Pano Alto Networks devices that uses PAN-OS software.
- The vulnerability emerged in the middle of this month; it has a severity score of 8.6 which translates into “high severity” vulnerability.
- Federal Civilian Executive Branch agencies must apply Palo Alto Networks’ patches to their devices until September 12.
In the middle of August 2022, we shared the news about a vulnerability that exists in Palo Alto Networks’ devices. The vulnerability has a severity score of 8.6 and can be tracked by CVE-2022-0028. It allows threat actors to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.
Actively exploited
The vulnerability had made its way into the Cybersecurity & Infrastructure Security Agency’s Known Exploited Vulnerabilities Catalog. CISA states that the vulnerability is currently under active exploitation. The vulnerability requires some specific settings in PAN-OS software by Palo Alto Networks, which can be seen below:
- The security policy on the firewall that allows traffic to pass from Zone A to Zone B includes a URL filtering profile with one or more blocked categories.
- Packet-based attack protection is not enabled in a Zone Protection profile for Zone A including both (Packet Based Attack Protection > TCP Drop > TCP Syn With Data) and (Packet Based Attack Protection > TCP Drop > Strip TCP Options > TCP Fast Open).
- Flood protection through SYN cookies is not enabled in a Zone Protection profile for Zone A (Flood Protection > SYN > Action > SYN Cookie) with an activation threshold of 0 connections.
In our first article regarding this vulnerability, only PAN-OS 10.1 was fixed by an update and the estimated time for the remaining versions of PAN-OS was one week. As we check the advisory again, we notice that all of the versions of PAN-OS software have received a fix in just one week, as Palo Alto Networks promised.
FCEB (Federal Civilian Executive Branch) agencies should apply those patches until September 12.