CVE-2022-0028

Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS (affected versions not specified)

Description A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target. To be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a source zone that has an external facing interface. This configuration is not typical for URL filtering and, if set, is likely unintended by the administrator. If exploited, this issue would not impact the confidentiality, integrity, or availability of the products. However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack.

Recommendations To prevent exploitation, users are recommended to remove the URL filtering policy that leads to this vulnerability and enable packet-based protection or flood protection using SYN cookie files on their Palo Alto Networks firewalls. At the moment, there is no information about a newer version that contains a fix for this vulnerability.