Nynox advisory - Threat alert - Palo Alto Networks - High severity vulnerability (CVE-2022-0028)

– Date: 25 August 2022 –

Attackers may use your firewall to compromise your network or other companies. Here’s everything you need to know. Palo Alto Networks published a new vulnerability affecting their products using PAN-OS. It allows attackers to execute reflection and amplify TCP Denial-of-Service (DOS) attacks.

What’s a reflection attack?

📍 They aim to disrupt systems by saturating resources such as bandwidth, CPU, memory, and connection tables, among others

📍 One of the most common attacks of this type is DNS amplification

📍 These attacks leverage two techniques:

  • Amplification: Attackers send a small query or request to the affected device that results in a significant response in terms of bandwidth.
  • Reflection: Attackers can change the source IP for the initial request with the IP of a company they want to disrupt and trigger this attack thousands of times per second. The affected device sends massive amounts of traffic to the target, saturating networks and resources.
Why is this vulnerability serious?

⚠️ It’s easy to exploit
⚠️ Default configurations of certain PAN-OS features will leave your firewall exposed
⚠️ It doesn’t compromise the confidentiality or integrity of your PAN devices but may heavily impact performance

How is Nynox protecting its SOC customers?

🛡️ 24×7 monitoring of the onboarded PAN devices
🛡️ Free threat hunting based on the indicators for this attack
🛡️ Personalized assistance to mitigate the risk
🛡️ 24×7 Incident Response (CSIRT)

What can you do to mitigate the risk?

✅ Patch your PAN devices with the recommended hotfix

But what if you can’t?

✅ Configuration hardening: Aside from the recommended patch, PAN provided configurations that prevent vulnerability exposure.
✅ DoS mitigation: Internet Service Providers (ISPs) can provide Anti-DoS services. Also, you may have products in your network that may stop DoS attacks.

You will find more information in the official PAN post: https://security.paloaltonetworks.com/CVE-2022-0028

Need help assessing your situation? We can help you to establish your SOC to stop these threats.
Get in contact
Our Latest insights