CISA Warns of Palo Alto Vulnerability Exploited by Hackers

Share post:

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that threat actors are actively exploiting a vulnerability that affects Palo Alto Networks PAN-OS. The vulnerability, which is tracked as CVE-2022-0028, has a severity score of 8.6.

The vulnerability is due to incorrect configuration of URL filtering policies, which could allow an unauthenticated remote attacker to conduct reflected and amplified TCP Denial-of-Service DoS attacks.

Affected product versions include PAN-OS 10.2 (version < 10.2.2-h2), PAN-OS 10.1 (version < 10.1.6-h6), PAN-OS 10.0 (version < 10.0.11-h1), PAN-OS 9.1 (version < 9.1.14-h4), PAN-OS 9.0 (version < 9.0.16-h3), and PAN-OS 8.1 (version < 8.1.23-h1).

Customers of affected products are advised to apply the patches to mitigate potential threats, and Federal Civilian Branch (FCEB) agencies are required to update to the latest version by September 12, 2022.

Palo Alto Networks said the vulnerability was discovered after it was pointed out that vulnerable firewall appliances from various vendors, including their networks, were being used as part of an attempted reflected denial-of -service (RDoS) attack.

The sources for this piece include an article in TheHackerNews.

SUBSCRIBE NOW

Related articles

Cyber Security Today, Week in Review for week ending Friday, June 21, 2024

Welcome to Cyber Security Today. This is the Week in Review edition for the week ending Friday June...

Cyber Security Today, June 21, 2024 – US to ban Kaspersky for businesses, consumers

U.S. to ban the sale of Kaspersky products to consumers and businesses. Welcome to Cyber Security Today. It's Friday...

Biden administration to ban US sales of Kaspersky software over ties to Russia

The Biden administration is set to announce a ban on the sale of Kaspersky Lab's antivirus software in...

Security bug may allow anyone to spoof Microsoft employee emails

A security researcher claims to have discovered a bug that enables anyone to impersonate Microsoft corporate email accounts,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways