PAN-OS Flaw on Palo Alto Devices Allow DoS Attack
An incorrect setting in the PAN-OS URL filtering policy allows a network-based attacker to perform mirrored and amplified TCP DoS attacks. “When used improperly, this issue does not affect the confidentiality, integrity or availability of our products,” Palo Alto Networks says.
2024-01-18
'%3e%3cpath%20d='M4%204L15.733%2020H20L8.267%204H4Z'%20stroke='%230671C0'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M4%2020L10.768%2013.232M13.228%2010.772L20%204'%20stroke='%230671C0'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_8149_16006'%3e%3crect%20width='24'%20height='24'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M5.37214%2023.8745H0.396429V8.10162H5.37214V23.8745ZM2.88161%205.95006C1.29054%205.95006%200%204.65279%200%203.08658C1.13882e-08%202.33427%200.303597%201.61278%200.844003%201.08082C1.38441%200.548853%202.11736%200.25%202.88161%200.25C3.64586%200.25%204.3788%200.548853%204.91921%201.08082C5.45962%201.61278%205.76321%202.33427%205.76321%203.08658C5.76321%204.65279%204.47214%205.95006%202.88161%205.95006ZM23.9946%2023.8745H19.0296V16.1963C19.0296%2014.3665%2018.9921%2012.0198%2016.4427%2012.0198C13.8557%2012.0198%2013.4593%2014.0079%2013.4593%2016.0645V23.8745H8.48893V8.10162H13.2611V10.2532H13.3307C13.995%209.01393%2015.6177%207.70611%2018.0386%207.70611C23.0743%207.70611%2024%2010.9704%2024%2015.2102V23.8745H23.9946Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24588'%3e%3crect%20width='24'%20height='27'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M13.957%2014.75L14.668%2010.0848H10.2225V7.05745C10.2225%205.78115%2010.8435%204.53707%2012.8345%204.53707H14.8555V0.565174C14.8555%200.565174%2013.0215%200.25%2011.268%200.25C7.60703%200.25%205.21403%202.48441%205.21403%206.52931V10.0848H1.14453V14.75H5.21403V26.0278H10.2225V14.75H13.957Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24590'%3e%3crect%20width='16'%20height='25.7778'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
A serious issue monitored as CVSS score 8.6 (CVE-2022-0028) on Palo Alto Networks devices running the PAN operating system could allow an attacker to launch a denial of service (DoS) attack. The problem arises because of the Palo Alto Networks firewall Pa series (hardware), VM series (virtual), and CN series (container) firewall against the target specified by the attacker. An incorrect setting has occurred in the PAN-OS URL filtering policy that allows a network-based attacker to perform mirrored and amplified TCP DoS attacks. “When used improperly, this issue does not affect the confidentiality, integrity, or availability of our products.
However, the resulting denial of service (DoS) attack can help to hide the identity of the attacker and point to the firewall as the source of the attack, ” says the recommendation of Palo Alto Networks. Unaffectedcloud NGFWNoneAllPAN-Product status versions affected by OS 10.2<10.2. 2-h2 > = 10,2. 2-h2 (ETA: week beginning August 15, 2022) PAN-OS 10.1< 10.1. 6-h6 > = 10,1. 6-h6PAN-OS 10.0<10.0. 11-h1 > = 10.0. 11-h1 (ETA: week of August 15, 2022)PAN-OS 9.1< 9.1. 14-h4 > = 9,1. 14-h4 (ETA: week of August 15, 2022)PAN-OS 9.0< 9.0. 16-h3> = 9.0. 16-h3 (ETA: week until August 15, 2022)PAN-OS 8.1< 8.1. 23-h1 > = 8,1. 23-h1 (aankomst: 15 August 2022)prism Prisma Prisma Prisma 2.1 2.2 to 3.0 3.1 to access no access no access no access no software update is in order to Palo Alto Networks PAN-OS firewall configurations heeft een beveiligingsupdate uitgebracht om een beveiligingsupdate when kwetsbaarheid to Te Paki.
SHARE ON