Palo Alto Networks has found that a malware has tried to exploit its firewalls from multiple vendors for distributed denial-of-service (DDoS) attacks.
Eventually, the attack was identified by a service provider. The malware took advantages of several sensitive firewalls from multiple vendors, which also included Palo Alto Networks.
The vulnerability has been tracked as CVE-2022-0028 which exists due to a defect in the PAN-OS URL filtering policy. It allows the network-based attacker to lead a reflected and amplified TCP DoS attacks. The company has stated that when the firewall is to be misused by an outside attacker, the firewall layout must have an URL filtering profile. Consequently, the profile should be with one or more blocked categories which is given to a security rule, along with a source zone.
Accordingly, the company has released a security update to address a vulnerability in PAN-OS firewall configurations. A remote attacker can abuse the vulnerability to lead a reflected DDoS. Hence, to prevent the exploitation, users are guided to abolish the URL filtering policy which leads to this vulnerability.
