CVE-2022-0028
PAN-OS vulnerability analysis and mitigation

Overview

CVE-2022-0028 is a PAN-OS URL filtering policy misconfiguration vulnerability disclosed by Palo Alto Networks in August 2022, rated CVSS v3.1 base score 8.6 (High). It affects Palo Alto Networks PA-Series (hardware), VM-Series (virtual), and CN-Series (container) firewalls running specific versions of PAN-OS. A remote, unauthenticated network-based attacker can misuse an affected firewall to conduct reflected and amplified TCP denial-of-service (RDoS) attacks against an attacker-specified target, with the attack traffic appearing to originate from the firewall (Palo Alto Networks).

Technical details

Three conditions must all hold for a firewall to be misused: a URL filtering profile with one or more blocked categories is assigned to a security rule whose source zone has an external-facing network interface; packet-based attack protection is not enabled in a Zone Protection profile for that zone; and flood protection with SYN cookies is not enabled for that zone. Palo Alto Networks notes that this combination is not a typical URL filtering configuration and, where present, is likely unintended by the administrator. The workarounds show why the conditions matter: the reflection relies on the firewall answering a request carrying a spoofed source address with a block response before the TCP three-way handshake has proven that address genuine. SYN cookies make the firewall require a completed handshake before it commits state or responds, and packet-based attack protection strips the TCP options (such as TCP Fast Open) that let request data ride on the initial SYN. Palo Alto Networks learned of the issue after a service provider identified an attempted RDoS attack that took advantage of susceptible firewalls from multiple vendors, including Palo Alto Networks. The vulnerability is classified as CWE-406 (Insufficient Control of Network Message Volume, i.e. network amplification) (Palo Alto Networks).

Impact

Exploitation does not directly impact the confidentiality, integrity, or availability of the Palo Alto Networks products themselves; the harm falls on the third-party target of the reflected denial-of-service attack, and the reflection helps obfuscate the attacker's identity while implicating the firewall as the apparent source. Cyble reported over 3,300 internet-exposed instances running vulnerable PAN-OS versions, many of them belonging to critical infrastructure sectors (Cyble).

Mitigation and workarounds

Palo Alto Networks fixed the issue in PAN-OS 8.1.23-h1, 9.0.16-h3, 9.1.14-h4, 10.0.11-h1, 10.1.6-h6, and 10.2.2-h2, and in all later releases of each branch. Where patching is not immediately possible, either workaround on its own breaks the attack chain: remove URL filtering profiles that contain blocked categories from security rules whose source zone has an external-facing interface, or apply a Zone Protection profile to every such zone with packet-based attack protection enabled or with SYN flood protection using SYN cookies activated at a threshold of 0. The zone-level workarounds must cover every zone with an external-facing interface; a single unprotected external zone that still carries a blocking URL filtering rule leaves the firewall usable as a reflector (Palo Alto Networks).
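The three exploitability conditions above and the two zone-level workarounds can be checked mechanically against a PAN-OS configuration export. The following script is an added example, not Palo Alto Networks code and not part of the original advisory. It parses a constructed sample of the running-config XML, collects the URL filtering profiles that block categories, resolves each zone's Zone Protection profile, and reports every security rule that pairs a blocking profile with an operator-supplied external-facing source zone that has neither SYN cookies at threshold 0 nor packet-based protection. The element layout is the PAN-OS XML structure as assumed here; the `tcp-drop/strip-tcp-opts/tcp-fast-open` path for packet-based protection in particular is an assumption and should be verified against a real `show config running` export before the check is trusted.

```python
"""Audit a PAN-OS config export for the CVE-2022-0028 condition set (added example)."""
import xml.etree.ElementTree as ET

# Constructed sample config, not a real export. "untrust" has no Zone Protection
# profile, "dmz" has SYN cookies at threshold 0, "trust" is an internal zone.
SAMPLE_CONFIG = """<config version="10.1.0"><devices><entry name="localhost.localdomain">
  <network><profiles><zone-protection-profile>
    <entry name="edge-protect"><flood><tcp-syn><enable>yes</enable>
      <syn-cookies><activate-rate>0</activate-rate><alarm-rate>10000</alarm-rate>
        <maximal-rate>40000</maximal-rate></syn-cookies></tcp-syn></flood></entry>
  </zone-protection-profile></profiles></network>
  <vsys><entry name="vsys1">
    <zone>
      <entry name="untrust"><network><layer3><member>ethernet1/1</member></layer3></network></entry>
      <entry name="dmz"><network><layer3><member>ethernet1/2</member></layer3>
        <zone-protection-profile>edge-protect</zone-protection-profile></network></entry>
      <entry name="trust"><network><layer3><member>ethernet1/3</member></layer3></network></entry>
    </zone>
    <profiles><url-filtering>
      <entry name="block-malware"><block><member>malware</member><member>phishing</member></block></entry>
      <entry name="alert-only"><alert><member>malware</member></alert></entry>
    </url-filtering></profiles>
    <rulebase><security><rules>
      <entry name="inbound-web"><from><member>untrust</member></from><to><member>dmz</member></to>
        <action>allow</action><profile-setting><profiles><url-filtering>
        <member>block-malware</member></url-filtering></profiles></profile-setting></entry>
      <entry name="dmz-in"><from><member>dmz</member></from><to><member>trust</member></to>
        <action>allow</action><profile-setting><profiles><url-filtering>
        <member>block-malware</member></url-filtering></profiles></profile-setting></entry>
      <entry name="alert-everywhere"><from><member>any</member></from><to><member>any</member></to>
        <action>allow</action><profile-setting><profiles><url-filtering>
        <member>alert-only</member></url-filtering></profiles></profile-setting></entry>
      <entry name="outbound"><from><member>trust</member></from><to><member>untrust</member></to>
        <action>allow</action><profile-setting><profiles><url-filtering>
        <member>block-malware</member></url-filtering></profiles></profile-setting></entry>
    </rules></security></rulebase>
  </entry></vsys>
</entry></devices></config>"""


def blocked_categories(root):
    """URL filtering profile name -> list of categories it blocks (condition 1)."""
    return {p.get("name"): [m.text for m in p.iterfind("block/member")]
            for p in root.iterfind(".//vsys/entry/profiles/url-filtering/entry")}


def zone_mitigations(root):
    """Zone name -> set of active mitigations ('syn-cookies', 'packet-based')."""
    per_profile = {}
    for prof in root.iterfind(".//network/profiles/zone-protection-profile/entry"):
        active = set()
        syn = prof.find("flood/tcp-syn")
        # Advisory workaround: SYN Flood with SYN Cookies activated at threshold 0,
        # so every inbound SYN must complete a handshake before any state or reply.
        if (syn is not None and syn.findtext("enable") == "yes"
                and syn.findtext("syn-cookies/activate-rate") == "0"):
            active.add("syn-cookies")
        # Assumed element path for packet-based protection (Strip TCP Options ->
        # TCP Fast Open); verify against a real export.
        if prof.findtext("tcp-drop/strip-tcp-opts/tcp-fast-open") == "yes":
            active.add("packet-based")
        per_profile[prof.get("name")] = active
    zones = {}
    for zone in root.iterfind(".//vsys/entry/zone/entry"):
        zpp = zone.findtext("network/zone-protection-profile")  # None if unset
        zones[zone.get("name")] = per_profile.get(zpp, set())
    return zones


def find_rdos_exposure(config_xml, external_zones):
    """One finding per (rule, external source zone) meeting all three conditions.

    external_zones is supplied by the operator: the config itself does not
    record which zones face the internet.
    """
    root = ET.fromstring(config_xml)
    blocked = blocked_categories(root)
    mitigations = zone_mitigations(root)
    external = set(external_zones)
    findings = []
    for rule in root.iterfind(".//rulebase/security/rules/entry"):
        if rule.findtext("disabled") == "yes":
            continue
        profile = rule.findtext("profile-setting/profiles/url-filtering/member")
        if not blocked.get(profile):
            continue  # no URL filtering, or nothing blocked: no block response to reflect
        for member in rule.iterfind("from/member"):
            zones = external if member.text == "any" else {member.text} & external
            for zone in sorted(zones):
                if mitigations.get(zone):
                    continue  # SYN cookies or packet-based protection break the reflection
                findings.append({"rule": rule.get("name"), "zone": zone,
                                 "url_profile": profile, "blocked": blocked[profile]})
    return findings


if __name__ == "__main__":
    for f in find_rdos_exposure(SAMPLE_CONFIG, {"untrust", "dmz"}):
        print(f"EXPOSED rule={f['rule']} zone={f['zone']} "
              f"profile={f['url_profile']} blocks={f['blocked']}")
```

Run against a real export, the script should be fed the output of `show config running` (or the XML API equivalent) and the set of zones that hold internet-facing interfaces. On the sample it reports only `inbound-web` on `untrust`: the `dmz-in` rule uses the same blocking profile but its zone already has SYN cookies, and `alert-everywhere` blocks nothing, so neither is a reflector.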

Community reactions

CISA added CVE-2022-0028 to its Known Exploited Vulnerabilities (KEV) catalog on the basis of active exploitation, which under Binding Operational Directive 22-01 required Federal Civilian Executive Branch (FCEB) agencies to remediate it by September 12, 2022. Coverage in The Hacker News and elsewhere focused on the number of exposed firewalls in critical infrastructure sectors and the ease with which a misconfigured device could be turned into a DoS reflector (Hacker News).

This report was generated using AI.