A high-severity vulnerability was found in Palo Alto Networks’ PAN-OS. According to Palo Alto Networks, CVE-2022-0028 is a URL filtering policy misconfiguration issue that could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.
The bug has been given a CVSS score of 8.6 and was added to the Cyber Security and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities catalogue. CVE-2022-0028 was discovered when Palo Alto Networks received a warning regarding a RDoS attack attempt through one of their products – a Palo Alto Networks PA-series, VM Series, and CN-Series firewall against an attacker-specified target.
Palo Alto Networks stated that if an attacker exploits the vulnerability, the integrity or confidentiality of their products would not be impacted. However, the RDoS attack could help an attacker obfuscate their identity and implicate the firewall as the source of the attack. The company stated that they have addressed the issue in their PAN-OS software and that all updates are now available.
Palo Alto Networks has resolved the issue for Cloud NGFW and Prisma Access customers and there is no additional action required from them. The vulnerability does not impact Panorama M-Series or Panorama virtual appliances. Palo Alto Networks has fixed the flaw in the following PAN-OS versions:
Palo Alto Networks recommends the following Workarounds and Mitigations for CVE-2022-0028:
INDICATOR'S OF COMPROMISE (IOCS):At this time, there are no known IoCs associated with CVE-2022-0028. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
Related Reading: When Cybercriminal Gangs Go Dark - Avaddon, AstraLocker, and Conti