Skip to main content

Palo Alto Networks Releases Security Updates for PAN-OS Vulnerability

Security update addresses CVE-2022-0028, a reflected amplification denial-of-service vulnerability in URL filtering

Report a cyber attack: call 0300 303 5222 or email carecert@nhsdigital.nhs.uk

Summary

Security update addresses CVE-2022-0028, a reflected amplification denial-of-service vulnerability in URL filtering


Threat details

Introduction

Palo Alto Networks released security updates to address a vulnerability affecting the PAN-OS firewall operating system. A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks that could obfuscate the identity of the attacker and implicate the firewall as the source of the attack.

Exploitation in the wild for CVE-2022-0028

Palo Alto Networks have reported that there has been exploitation in the wild for the vulnerability known as CVE-2022-0028

Affected organisations are still encouraged to review Palo Alto advisory and apply any relevant updates.


Remediation advice

Affected organisations are encouraged to review the Palo Alto advisory CVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering and apply any relevant updates.


Definitive source of threat updates


Last edited: 15 August 2022 5:11 pm