The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that hackers are already exploiting a fresh vulnerability in Palo Alto Networks’ PAN-OS that could be used to amplify attacks.
The vulnerability in question is tracked as CVE-2022-0028, has a CVSS score of 8.6, and stems from a URL filtering policy misconfiguration that could allow a remote, unauthenticated attacker to perform a reflected and amplified TCP denial-of-service (RDoS) attack.
Several versions of PAN-OS (the operating system used by the company’s networking equipment) for PA-Series, VM-Series and CN-Series devices are affected by this issue, and Palo Alto Networks developers have already released fixes for all of them.
When the issue was revealed last week, it was highlighted that the bug could be abused to use PAN-OS devices in DDoS attacks, obscuring the attacker’s original IP address and making the defenders’ job harder. In addition, hackers can use such attacks to extort a company or deliberately disrupt its business processes.
Even then, Palo Alto Networks engineers warned that they had discovered the vulnerability only after one of the devices was used as part of an RDoS attack. Now CISA has also confirmed exploitation of the bug and is urging administrators to install patches as soon as possible, although CVE-2022-0028 can only be exploited if a number of conditions are met, which requires a firewall configuration that differs from the default.