
Cloud Vulnerability DB
A community-led vulnerabilities database
An improper handling of exceptional conditions vulnerability (CVE-2022-0023) was discovered in the DNS proxy feature of Palo Alto Networks PAN-OS software. The vulnerability was found during an internal security review and publicly disclosed on April 13, 2022. This issue affects multiple versions of PAN-OS including versions 8.1, 9.0, 9.1, 10.0, and 10.1, but does not impact PAN-OS 10.2, Panorama appliances, or Prisma Access customers (Palo Alto Advisory).
The vulnerability is classified as an improper handling of exceptional conditions (CWE-755) in the DNS proxy feature. It received a CVSS v3.1 Base Score of 5.9 (Medium severity) with the following metrics: Attack Vector: Network, Attack Complexity: High, Privileges Required: None, User Interaction: None, Scope: Unchanged, Confidentiality Impact: None, Integrity Impact: None, and Availability Impact: High (Palo Alto Advisory).
When exploited, this vulnerability allows a meddler-in-the-middle (MITM) attacker to send specifically crafted traffic to the firewall, causing the service to restart unexpectedly. Repeated exploitation attempts can result in a denial-of-service condition affecting all PAN-OS services by forcing the device to restart in maintenance mode (Palo Alto Advisory).
Palo Alto Networks has released fixes in PAN-OS versions 8.1.22, 9.0.16, 9.1.13, 10.0.10, 10.1.5, and all later versions. For temporary mitigation, customers with a Threat Prevention subscription can block attack traffic by enabling Threat ID 92406 (Applications and Threats content update 8556). Alternatively, administrators can disable the DNS proxy feature until upgrading to a fixed version (Palo Alto Advisory).
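A triage check built from the fixed releases and the DNS proxy mitigation listed above. This is an added example, not code from Palo Alto Networks or from this database; the hostnames and inventory are constructed, and the `-hN` hotfix suffix handling is an assumption about how versions appear in your inventory.

```python
import re

# Fixed maintenance release per affected branch, as listed in the advisory summary above.
FIXED = {(8, 1): 22, (9, 0): 16, (9, 1): 13, (10, 0): 10, (10, 1): 5}
NOT_AFFECTED = {(10, 2)}  # stated as not impacted

# major.minor.maintenance with an optional hotfix suffix such as "-h4" (assumed format).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")


def parse_panos_version(text):
    """Return (major, minor, maintenance); the hotfix suffix is ignored because
    the page lists only base maintenance releases as fixed."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognized PAN-OS version: {text!r}")
    return tuple(int(g) for g in m.groups())


def triage(version, dns_proxy_enabled):
    """Classify one firewall for CVE-2022-0023."""
    major, minor, maint = parse_panos_version(version)
    branch = (major, minor)
    if branch in NOT_AFFECTED:
        return "not-affected"
    if branch not in FIXED:
        return "unknown-branch"  # the page says nothing about this branch
    if maint >= FIXED[branch]:
        return "fixed"
    # Below the fixed release: exposure depends on the DNS proxy feature.
    return "exposed" if dns_proxy_enabled else "affected-version-dns-proxy-off"


def triage_inventory(rows):
    """rows: iterable of (hostname, version, dns_proxy_enabled)."""
    result = {}
    for host, version, dns_proxy in rows:
        try:
            result[host] = triage(version, dns_proxy)
        except ValueError:
            result[host] = "unparsed"  # surface it for manual review
    return result


# Constructed sample inventory.
SAMPLE = [("fw-edge-1", "10.1.4-h4", True), ("fw-edge-2", "10.1.5", True),
          ("fw-dc-1", "9.1.12", False), ("fw-lab", "10.1.x", True)]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```

Devices reported as `affected-version-dns-proxy-off` still need the upgrade; the disabled feature is only the interim mitigation the advisory describes.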
Source: This report was generated using AI