The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target. ![]() View Entire Change Record A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. Record truncated, showing 500 of 1298 characters. ![]() This issue has been resolved for all Cloud NGFW and Prisma Access customers and no additional action is required from them.ĬVE Modified by Palo Alto Networks, Inc. This issue does not impact Panorama M-Series or Panorama virtual appliances. All software updates for this issue are expected to be released no later than the week of August 15, 2022. We have taken prompt action to address this issue in our PAN-OS software. However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack. If exploited, this issue would not impact the confidentiality, integrity, or availability of our products. This configuration is not typical for URL filtering and, if set, is likely unintended by the administrator. To be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a source zone that has an external facing interface. A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.
0 Comments
Leave a Reply. |