Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Palo Alto Networks warns of Reflected Amplification DoS issue in PAN-OS

Palo Alto Networks devices running the PAN-OS are abused to launch reflected amplification denial-of-service (DoS) attacks. Threat actors are exploiting a vulnerability, tracked as CVE-2022-0028 (CVSS score of 8.6), in Palo Alto Networks devices running the PAN-OS to launch reflected amplification denial-of-service (DoS) attacks. The vendor has learned that firewalls from multiple vendors are abused to […]

Palo Alto Networks Palo Alto Palo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS FlawGlobalProtect CVE-2026-0257

Palo Alto Networks devices running the PAN-OS are abused to launch reflected amplification denial-of-service (DoS) attacks.

Threat actors are exploiting a vulnerability, tracked as CVE-2022-0028 (CVSS score of 8.6), in Palo Alto Networks devices running the PAN-OS to launch reflected amplification denial-of-service (DoS) attacks.

The vendor has learned that firewalls from multiple vendors are abused to conduct distributed denial-of-service (DDoS) attacks, but it did not disclose the name of the impacted companies.

“Palo Alto Networks recently learned that an attempted reflected denial-of-service (RDoS) attack was identified by a service provider. This attempted attack took advantage of susceptible firewalls from multiple vendors, including Palo Alto Networks. We immediately started to root cause and remediate this issue.” reads the advisory published by Palo Alto Networks. “Exploitation of this issue does not impact the confidentiality, integrity, or availability of our products.

The root cause of the issue affecting the Palo Alto Network devices is a misconfiguration in the PAN-OS URL filtering policy that allows a network-based attacker to conduct reflected and amplified TCP DoS attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against a target chosen by the attackers.

Palo Alto Networks GlobalProtect VPN

The issue could be exploited if the firewall configuration has a URL filtering profile with one or more blocked categories assigned to a security rule with a source zone that has an external facing network interface.

The flaw can be mitigated by removing the URL filtering policy, the company also recommends enabling only one security feature between packet-based attack protection and flood protection on their Palo Alto.

If exploited, this flaw would not impact the confidentiality, integrity, or availability of Palo Alto Networks products. However, the company pointed out that the resulting denial-of-service (DoS) attack may allow threat actors to hide their identity and implicate the firewall as the source of the attack.

Below is the Product Status shared by the vendor:

VersionsAffectedUnaffected
Cloud NGFWNoneAll
PAN-OS 10.2< 10.2.2-h2>= 10.2.2-h2 (ETA: week of August 15, 2022)
PAN-OS 10.1< 10.1.6-h6>= 10.1.6-h6
PAN-OS 10.0< 10.0.11-h1>= 10.0.11-h1 (ETA: week of August 15, 2022)
PAN-OS 9.1< 9.1.14-h4>= 9.1.14-h4 (ETA: week of August 15, 2022)
PAN-OS 9.0< 9.0.16-h3>= 9.0.16-h3 (ETA: week of August 15, 2022)
PAN-OS 8.1< 8.1.23-h1>= 8.1.23-h1 (ETA: August 15, 2022)
Prisma Access 3.1NoneAll
Prisma Access 3.0NoneAll
Prisma Access 2.2NoneAll
Prisma Access 2.1NoneAll

The US Cybersecurity and Infrastructure Security Agency (CISA) also published a security advisory to warn of this vulnerability.

“Palo Alto Networks has released a security update to address a vulnerability in PAN-OS firewall configurations. A remote attacker could exploit this vulnerability to conduct a reflected denial-of service,” reads the advisory published by CISA.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2022-0028)

[adrotate banner=”5″]

[adrotate banner=”13″]