The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
The high-severity vulnerability, tracked as CVE-2022-0028 (CVSS score: 8.6), is a URL filtering policy misconfiguration that could allow an unauthenticated, remote attacker to carry out reflected and amplified TCP denial-of-service (DoS) attacks.
“If exploited, this issue would not affect the confidentiality, integrity, or availability of our products and solutions,” Palo Alto Networks said in an alert. “However, the ensuing denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack.”
The weakness impacts the following product versions and has been addressed as part of updates released this month –
- PAN-OS 10.2 (version < 10.2.2-h2)
- PAN-OS 10.1 (version < 10.1.6-h6)
- PAN-OS 10.0 (version < 10.0.11-h1)
- PAN-OS 9.1 (version < 9.1.14-h4)
- PAN-OS 9.0 (version < 9.0.16-h3), and
- PAN-OS 8.1 (version < 8.1.23-h1)
The networking equipment maker said it discovered the vulnerability after being notified that susceptible firewall appliances from different vendors, including Palo Alto Networks, were being used as part of an attempted reflected denial-of-service (RDoS) attack.
In light of active exploitation, customers of affected products are advised to apply the relevant patches to mitigate potential threats. Federal Civilian Executive Branch (FCEB) agencies are mandated to update to the latest version by September 12, 2022.
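To check a firewall inventory against the fixed releases listed above, the following added example (not from the original article or from Palo Alto Networks) compares PAN-OS version strings, including the `-hN` hotfix suffix, with the fixed release for each branch. The hostnames and inventory versions are constructed sample data, and treating a version without a hotfix suffix as hotfix 0 is an assumption of this sketch.

```python
import re

# Fixed releases per PAN-OS branch, taken from the list in the article.
FIXED = {
    "10.2": "10.2.2-h2",
    "10.1": "10.1.6-h6",
    "10.0": "10.0.11-h1",
    "9.1": "9.1.14-h4",
    "9.0": "9.0.16-h3",
    "8.1": "8.1.23-h1",
}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

def parse(version):
    """Return (major, minor, maintenance, hotfix); no -hN suffix is assumed to mean hotfix 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def status(version):
    """Classify a version as 'affected', 'fixed' or 'unlisted' (branch not in the article)."""
    parsed = parse(version)
    branch = f"{parsed[0]}.{parsed[1]}"
    fixed = FIXED.get(branch)
    if fixed is None:
        return "unlisted"
    return "affected" if parsed < parse(fixed) else "fixed"

def audit(inventory):
    """Map hostname -> status; unparseable versions are flagged for manual review."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = status(version)
        except ValueError:
            report[host] = "review"
    return report

# Constructed inventory (hostnames and versions are sample data).
SAMPLE = {"fw-edge-1": "10.1.6-h3", "fw-edge-2": "10.1.6-h6", "fw-dc-1": "9.1.14",
          "fw-dc-2": "10.2.3", "fw-lab": "11.0.0", "fw-old": "8.1.x"}

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(f"{host:10} {SAMPLE[host]:12} {result}")
```

An "affected" result means only that the version predates the fix; the article attributes the flaw to a URL filtering policy misconfiguration, so the policy configuration still has to be reviewed. "unlisted" means the branch does not appear in the article's list, not that it is safe.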
Some parts of this article are sourced from:
thehackernews.com