Technology giant Palo Alto Networks has alerted its users to a severe PAN-OS vulnerability that allows attackers to abuse affected systems. The vendor confirmed active exploitation of this flaw in the wild, with compromised firewalls used to attack other networks.
Palo Alto PAN-OS Vulnerability
According to a recent advisory, the PAN-OS vulnerability stems from a URL filtering policy misconfiguration that puts system security at risk. The vulnerability, CVE-2022-0028, received a high-severity rating with a CVSS score of 8.6.
Specifically, the issue affects firewalls configured with a URL filtering profile that assigns one or more blocked categories to an externally exposed security rule. As stated in the advisory,
The firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a security rule with a source zone that has an external facing interface for this issue to be misused by an external attacker.
This condition is a mandatory requirement for successful exploitation of the flaw and is not a typical URL filtering configuration. Nonetheless, since it may be present unintentionally, admins must check their systems for this vulnerable configuration.
Exploiting this flaw allows an attacker to trigger a denial of service (DoS) condition against a target network. Alongside the loss of functionality, such an attack also makes it difficult to identify the real attacker: the resulting alerts point to the firewall as the source of the malicious traffic.
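The advisory's precondition above (a URL filtering profile with at least one blocked category, attached to a security rule whose source zone faces the outside) can be checked offline against an exported PAN-OS configuration. The script below is an added example written for this article, not Palo Alto Networks' own tooling. It assumes the XML layout used by PAN-OS 9.0 and later (URL filtering profiles under profiles/url-filtering with a block list, security rules under rulebase/security/rules), treats a source zone of "any" as external-facing, and takes the set of zone names the operator considers external as input; the sample configuration embedded in it is constructed for the demonstration.

```python
"""Audit a PAN-OS XML configuration export for the precondition of CVE-2022-0028:
a URL filtering profile with one or more blocked categories assigned to a
security rule whose source zone is external-facing.

Added example, not vendor code. Assumptions: PAN-OS 9.0+ config layout for
the XPaths below; the caller supplies the external-facing zone names; a
source zone of "any" counts as external. SAMPLE_CONFIG is constructed.
"""
import xml.etree.ElementTree as ET

SAMPLE_CONFIG = """<config>
  <devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
    <profiles>
      <url-filtering>
        <entry name="block-bad-cats">
          <block><member>malware</member><member>phishing</member></block>
          <alert><member>unknown</member></alert>
        </entry>
        <entry name="alert-only">
          <alert><member>malware</member></alert>
        </entry>
      </url-filtering>
    </profiles>
    <rulebase><security><rules>
      <entry name="inbound-web">
        <from><member>untrust</member></from>
        <to><member>dmz</member></to>
        <profile-setting><profiles><url-filtering>
          <member>block-bad-cats</member>
        </url-filtering></profiles></profile-setting>
      </entry>
      <entry name="outbound-web">
        <from><member>trust</member></from>
        <to><member>untrust</member></to>
        <profile-setting><profiles><url-filtering>
          <member>block-bad-cats</member>
        </url-filtering></profiles></profile-setting>
      </entry>
      <entry name="inbound-alert">
        <from><member>untrust</member></from>
        <to><member>dmz</member></to>
        <profile-setting><profiles><url-filtering>
          <member>alert-only</member>
        </url-filtering></profiles></profile-setting>
      </entry>
      <entry name="any-src">
        <from><member>any</member></from>
        <to><member>dmz</member></to>
        <profile-setting><profiles><url-filtering>
          <member>block-bad-cats</member>
        </url-filtering></profiles></profile-setting>
      </entry>
    </rules></security></rulebase>
  </entry></vsys></entry></devices>
</config>"""

# Path from the config root to each vsys; assumed PAN-OS layout.
VSYS = "./devices/entry/vsys/entry"


def blocking_profiles(root):
    """Map URL filtering profile name -> set of blocked categories.

    Profiles that only alert/allow (empty <block> list) are omitted, because
    the advisory's precondition requires at least one blocked category.
    """
    result = {}
    for prof in root.findall(f"{VSYS}/profiles/url-filtering/entry"):
        blocked = {m.text.strip() for m in prof.findall("./block/member") if m.text}
        if blocked:
            result[prof.get("name")] = blocked
    return result


def find_exposed_rules(config_xml, external_zones):
    """Return [(rule name, profile name, sorted blocked categories)] for every
    security rule that matches the advisory's precondition."""
    root = ET.fromstring(config_xml)
    blocking = blocking_profiles(root)
    findings = []
    for rule in root.findall(f"{VSYS}/rulebase/security/rules/entry"):
        src = {m.text.strip() for m in rule.findall("./from/member") if m.text}
        # "any" matches traffic from every zone, including external ones (assumption).
        exposed = "any" in src or bool(src & set(external_zones))
        if not exposed:
            continue
        for m in rule.findall("./profile-setting/profiles/url-filtering/member"):
            name = (m.text or "").strip()
            if name in blocking:
                findings.append((rule.get("name"), name, sorted(blocking[name])))
    return findings


if __name__ == "__main__":
    for rule, prof, cats in find_exposed_rules(SAMPLE_CONFIG, {"untrust"}):
        print(f"rule {rule!r}: profile {prof!r} blocks {cats} on an external-facing source zone")
```

On the constructed sample the check flags "inbound-web" and "any-src" and ignores "outbound-web" (internal source zone) and "inbound-alert" (profile that only alerts). To run it on a real device, export the running configuration as XML and pass it in place of SAMPLE_CONFIG together with the zones that hold your internet-facing interfaces; a rule it reports is one the advisory says to remediate or to cover with the upgrade.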
Palo Alto Networks confirmed that the vulnerability affects PA-Series (hardware), VM-Series (virtual), and CN-Series (container) firewalls, whereas Panorama M-Series and Panorama virtual appliances remain unaffected. Successful exploitation may affect the products' confidentiality, integrity, and availability.
Patch Deployed – Update ASAP!
Palo Alto Networks confirmed addressing the issue with subsequent software updates scheduled to arrive in mid-August 2022.
Specifically, the fixed releases include PAN-OS 10.1.6-h6 and later. Users should update their devices to the fixed software versions as soon as possible, particularly to prevent exploitation.
However, if immediate updates are not possible for some systems, the vendor recommends remediating the vulnerable URL filtering policy configuration. Users can also enable Packet-based Attack Protection and Flood Protection as mitigations against DoS attacks.