CVE-2022-0028
Published: 2022-08-10
Priority: P2 (79), High · CVSS 3.1: 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
CISA Known Exploited Vulnerability (KEV), remediation due 2022-09-12 · Exploited in the wild (ITW)
EPSS: 2.04% (78.7th percentile)
A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target. To be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a source zone that has an external facing interface. This configuration is not typical for URL filtering and, if set, is likely unintended by the administrator. If exploited, this issue would not impact the confidentiality, integrity, or availability of our products. However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack. We have taken prompt action to address this issue in our PAN-OS software. All software updates for this issue are expected to be released no later than the week of August 15, 2022. This issue does not impact Panorama M-Series or Panorama virtual appliances. This issue has been resolved for all Cloud NGFW and Prisma Access customers and no additional action is required from them.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.0 < 10.0.11-h1 | 10.0.11-h1 |
| palo_alto_networks | pan-os | >= 10.1 < 10.1.6-h6 | 10.1.6-h6 |
| palo_alto_networks | pan-os | >= 10.2 < 10.2.2-h2 | 10.2.2-h2 |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.23-h1 | 8.1.23-h1 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.16-h3 | 9.0.16-h3 |
| palo_alto_networks | pan-os | >= 9.1 < 9.1.14-h4 | 9.1.14-h4 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | >= 10.0.0 < 10.0.11 | 10.0.11 |
| paloaltonetworks | pan-os | >= 10.1.0 < 10.1.6 | 10.1.6 |
| paloaltonetworks | pan-os | >= 10.2.0 < 10.2.2 | 10.2.2 |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.23 | 8.1.23 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.0.16 | 9.0.16 |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.14 | 9.1.14 |
Detection & IOCs (extracted from sources)
- Vulnerable configuration: a URL filtering profile with one or more blocked categories assigned to a security rule whose source zone has an external-facing network interface; this is what enables abuse for reflected/amplified TCP DoS.
- The DoS traffic appears to originate from the PAN-OS firewall itself (PA-Series, VM-Series, CN-Series) toward an attacker-specified target; hunt for anomalous outbound TCP flood traffic sourced from firewall interfaces.
- The attack vector is network-based and requires no authentication; monitor for unexpected high-volume TCP traffic initiated by the firewall toward external destinations as an indicator of exploitation.
- Only PAN-OS firewalls with a URL filtering profile containing blocked categories assigned to a security rule whose source zone has an external-facing interface are exploitable; the vendor describes this as an atypical, likely unintended configuration.
- Panorama M-Series and Panorama virtual appliances are not affected by this CVE.
- Cloud NGFW and Prisma Access customers are already remediated and require no action.
- Fixed versions: PAN-OS 8.1.23-h1, 9.0.16-h3, 9.1.14-h4, 10.0.11-h1, 10.1.6-h6, 10.2.2-h2, and all later versions for PA-Series, VM-Series, and CN-Series firewalls.
- Workaround: remove URL filtering blocked-category assignments from security rules where the source zone is external-facing; additionally, enabling zone protection mitigations on all security zones with an external-facing interface can block DoS from all sources.
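The vulnerable precondition above is a policy shape that can be audited offline from a configuration export. The script below is an added example, not Palo Alto Networks code: it walks the standard PAN-OS XML layout (`/config/devices/entry/vsys/entry/{zone,profiles,rulebase}`), collects URL filtering profiles that block at least one category, and reports every security rule that attaches such a profile while sourcing from a zone the caller declares external-facing (the config alone does not say which interfaces face the internet, so that set is an input). The embedded config is constructed for the example.

```python
"""Audit a PAN-OS configuration export for the CVE-2022-0028 precondition:
a URL filtering profile with blocked categories attached to a security rule
whose source zone is external-facing.

Added example, not vendor code. Assumes the standard PAN-OS XML layout
(/config/devices/entry/vsys/entry/...). The caller supplies the set of
external-facing zone names, since the export does not mark them as such.
"""
import xml.etree.ElementTree as ET

# Constructed sample export, trimmed to the elements the audit needs.
SAMPLE_CONFIG = """<config>
  <devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
    <zone>
      <entry name="untrust"><network><layer3><member>ethernet1/1</member></layer3></network></entry>
      <entry name="trust"><network><layer3><member>ethernet1/2</member></layer3></network></entry>
    </zone>
    <profiles>
      <url-filtering>
        <entry name="block-bad-sites"><block><member>malware</member><member>phishing</member></block></entry>
        <entry name="alert-only"><alert><member>malware</member></alert></entry>
      </url-filtering>
    </profiles>
    <rulebase><security><rules>
      <entry name="inbound-web">
        <from><member>untrust</member></from><to><member>trust</member></to>
        <profile-setting><profiles><url-filtering><member>block-bad-sites</member></url-filtering></profiles></profile-setting>
      </entry>
      <entry name="outbound-web">
        <from><member>trust</member></from><to><member>untrust</member></to>
        <profile-setting><profiles><url-filtering><member>block-bad-sites</member></url-filtering></profiles></profile-setting>
      </entry>
      <entry name="inbound-alert">
        <from><member>untrust</member></from><to><member>trust</member></to>
        <profile-setting><profiles><url-filtering><member>alert-only</member></url-filtering></profiles></profile-setting>
      </entry>
    </rules></security></rulebase>
  </entry></vsys></entry></devices>
</config>"""


def blocking_url_profiles(vsys):
    """Map profile name -> list of blocked categories, for profiles that block anything.
    Profiles that only alert/allow/continue are not part of the vulnerable shape."""
    result = {}
    for prof in vsys.findall("./profiles/url-filtering/entry"):
        blocked = [m.text for m in prof.findall("./block/member")]
        if blocked:
            result[prof.get("name")] = blocked
    return result


def find_exposed_rules(config_xml, external_zones):
    """Return (vsys, rule, source zone, profile, blocked categories) tuples for
    every security rule that attaches a blocking URL filtering profile and whose
    source zone is external-facing. A source of 'any' is treated as covering
    every declared external zone."""
    external = set(external_zones)
    root = ET.fromstring(config_xml)
    findings = []
    for vsys in root.findall("./devices/entry/vsys/entry"):
        profiles = blocking_url_profiles(vsys)
        for rule in vsys.findall("./rulebase/security/rules/entry"):
            src_zones = {m.text for m in rule.findall("./from/member")}
            exposed = external if "any" in src_zones else src_zones & external
            if not exposed:
                continue
            for member in rule.findall("./profile-setting/profiles/url-filtering/member"):
                if member.text in profiles:
                    for zone in sorted(exposed):
                        findings.append((vsys.get("name"), rule.get("name"), zone,
                                         member.text, profiles[member.text]))
    return findings


if __name__ == "__main__":
    # On a real export: find_exposed_rules(open("running-config.xml").read(), {"untrust"})
    for hit in find_exposed_rules(SAMPLE_CONFIG, {"untrust"}):
        print("vsys=%s rule=%s src-zone=%s url-profile=%s blocks=%s" % hit)
```

On the sample, only `inbound-web` is reported: `outbound-web` sources from the internal zone, and `inbound-alert` attaches a profile that alerts rather than blocks. The check inspects profiles attached directly via `profile-setting/profiles`; rules that reference a security profile group (`profile-setting/group`) would need the group resolved to its URL filtering member first, which this example does not do.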
CVSS provenance
- NVD (v3.1): 8.6 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
- VulnCheck: 8.6 HIGH
- CISA: 8.6 HIGH
GHSA
GHSA-r3j6-h9rm-9q33 · ghsa_unreviewed · 2022-08-11 · CVE-2022-0028 [HIGH] · CWE-400
Description: the PAN-OS advisory text quoted above (a URL filtering policy misconfiguration allowing reflected and amplified TCP denial-of-service).
VulnCheck
Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability · vulncheck · 2022 · CVE-2022-0028 [HIGH] · CWE-940 · CVSS 8.6
A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.
Affected: Palo Alto Networks PAN-OS
Required Action: Apply updates per vendor instructions.
Exploitation References: https://security.paloaltonetworks.com/CVE-2022-0028; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://isc.sans.edu/diary/rss/32126
Remediation Due: 2022-09-12
CISA ICS
Siemens RUGGEDCOM APE1808 before V11.0.1 · cisa_ics · 2024-04-11 · ICS Advisory
Release Date: April 11, 2024
Alert Code: ICSA-24-102-03
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v4 6.1
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: RUGGEDCOM APE1808
- Vulnerabilities: Network Amplification, Exposure of Sensitive System Information to an Unauthorized Control Sphere, External Control of File Name or Path, Cross-site Scripting, Insufficien
CISA
Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability · cisa · 2022-08-22 · CVE-2022-0028 [HIGH] · CWE-940 · CVSS 8.6
Affected: Palo Alto Networks PAN-OS
A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.
Required Action: Apply updates per vendor instructions.
Notes: https://security.paloaltonetworks.com/CVE-2022-0028; https://nvd.nist.gov/vuln/detail/CVE-2022-0028
Remediation Due Date: 2022-09-12
Palo Alto
PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering · vendor_paloalto · 2022-08-10 · CVE-2022-0028 [HIGH] · CWE-406 · CVSS 8.6
A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target.
To be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a security rule with a source zone that has an external facing network interface. This configuration is not typical for URL filtering and, if set, is likely unintended by the administrator.
The remainder of the vendor text matches the advisory description quoted above.
No detection rules found.
No public exploits indexed.
Qualys
September 2022 Patch Tuesday | Microsoft Releases 63 Vulnerabilities With 5 Critical, Plus 16 Microsoft Edge (Chromium-Based); Adobe Releases 7 Advisories, 63 Vulnerabilities With 35 Critical. · blogs_qualys · 2022-09-13 · [MEDIUM] · CVSS 5.6
Timeline
- 2022-08-10: Published
- 2022-08-22: Added to CISA KEV
- Exploited in the wild