Nynox advisory - Threat alert - Palo Alto Networks - High severity vulnerability (CVE-2022-0028)
– Date: 25 August 2022 –
Attackers may use your firewall to compromise your network or other companies. Here’s everything you need to know. Palo Alto Networks published a new vulnerability affecting their products using PAN-OS. It allows attackers to carry out reflected and amplified TCP Denial-of-Service (DoS) attacks.
What’s a reflection attack?
- Reflection attacks aim to disrupt systems by saturating resources such as bandwidth, CPU, memory, and connection tables, among others.
- One of the most common attacks of this type is DNS amplification.
These attacks leverage two techniques:
- Amplification: Attackers send a small query or request to the affected device, which answers with a much larger response in terms of bandwidth.
- Reflection: Attackers can replace the source IP address of the initial request with the IP address of a company they want to disrupt and trigger this attack thousands of times per second. The affected device sends massive amounts of traffic to the target, saturating networks and resources.
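The two techniques above leave a recognisable pattern in flow data on the device being abused: one remote address "sends" requests at a very high rate and receives far more bytes than it sent. The following is an added detection sketch, not part of the original advisory or of any Palo Alto Networks tooling; the record layout, the thresholds and the sample flows are constructed assumptions.

```python
from collections import defaultdict

# Constructed one-second flow summaries seen at a device that could be abused
# as a reflector. Fields: (window start in s, remote peer, bytes received from
# peer, bytes sent to peer, packets received from peer). Documentation IPs.
SAMPLE_FLOWS = [
    (0, "198.51.100.7", 60_000, 3_000_000, 1_000),  # small requests, huge replies
    (1, "198.51.100.7", 66_000, 3_300_000, 1_100),
    (0, "203.0.113.20", 4_000, 90_000, 12),         # ordinary client, large reply
    (0, "203.0.113.55", 120_000, 130_000, 2_000),   # busy peer, no amplification
    (1, "192.0.2.9", 0, 500_000, 0),                # replies, no request recorded
]


def find_reflection_targets(flows, min_factor=10.0, min_rate=500.0):
    """Return {peer: (amplification_factor, requests_per_second)} for peers that
    look like the target of reflected, amplified traffic.

    min_factor and min_rate are assumed thresholds; tune them to a baseline.
    """
    totals = defaultdict(lambda: {"in": 0, "out": 0, "pkts": 0, "windows": set()})
    for start, peer, bytes_in, bytes_out, pkts_in in flows:
        entry = totals[peer]
        entry["in"] += bytes_in
        entry["out"] += bytes_out
        entry["pkts"] += pkts_in
        entry["windows"].add(start)

    suspects = {}
    for peer, entry in totals.items():
        if entry["in"] == 0:
            # No request was recorded, so no ratio can be computed; this is a
            # visibility gap for other checks, not evidence of reflection.
            continue
        factor = entry["out"] / entry["in"]             # amplification
        rate = entry["pkts"] / len(entry["windows"])    # requests per second
        # Amplification alone matches any large download and rate alone matches
        # any busy client; a spoofed source shows both at once.
        if factor >= min_factor and rate >= min_rate:
            suspects[peer] = (factor, rate)
    return suspects


if __name__ == "__main__":
    for peer, (factor, rate) in find_reflection_targets(SAMPLE_FLOWS).items():
        print(f"{peer}: x{factor:.1f} amplification at {rate:.0f} requests/s")
```

A flagged address is the likely victim whose IP was spoofed, not the origin of the requests.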
Why is this vulnerability serious?
- It’s easy to exploit.
- Default configurations of certain PAN-OS features will leave your firewall exposed.
- It doesn’t compromise the confidentiality or integrity of your PAN devices but may heavily impact performance.
How is Nynox protecting its SOC customers?
- 24×7 monitoring of the onboarded PAN devices
- Free threat hunting based on the indicators for this attack
- Personalized assistance to mitigate the risk
- 24×7 Incident Response (CSIRT)
What can you do to mitigate the risk?
- Patch your PAN devices with the recommended hotfix.
But what if you can’t?
- Configuration hardening: Aside from the recommended patch, PAN provided configurations that prevent exposure to the vulnerability.
- DoS mitigation: Internet Service Providers (ISPs) can provide Anti-DoS services. Also, you may have products in your network that may stop DoS attacks.
You will find more information in the official PAN post: https://security.paloaltonetworks.com/CVE-2022-0028