Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-0028

Опубликовано: 10 авг. 2022
Источник: nvd
CVSS3: 8.6
EPSS Низкий

Описание

A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target. To be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a source zone that has an external facing interface. This configuration is not typical for URL filtering and, if set, is likely unintended by the administrator. If exploited, this issue would not impact the confidentiality, integrity, or availability of our products. However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack. We have taken prompt action to address this issue in our PAN-OS software. All software

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Версия от 8.1.0 (включая) до 8.1.23 (исключая)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Версия от 9.0.0 (включая) до 9.0.16 (исключая)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Версия от 9.1.0 (включая) до 9.1.14 (исключая)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Версия от 10.0.0 (включая) до 10.0.11 (исключая)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Версия от 10.1.0 (включая) до 10.1.6 (исключая)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Версия от 10.2.0 (включая) до 10.2.2 (исключая)
cpe:2.3:o:paloaltonetworks:pan-os:8.1.23:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:9.0.16:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:9.1.14:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.0.11:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*

EPSS

Процентиль: 89%
0.04682
Низкий

8.6 High

CVSS3

Дефекты

CWE-406
NVD-CWE-Other

Связанные уязвимости

github логотип

GHSA-r3j6-h9rm-9q33

CVSS3: 8.6
github
больше 3 лет назад

A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target. To be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a source zone that has an external facing interface. This configuration is not typical for URL filtering and, if set, is likely unintended by the administrator. If exploited, this issue would not impact the confidentiality, integrity, or availability of our products. However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack. We have taken prompt action to address this issue in our PAN-OS software. All softwa...

fstec логотип

BDU:2022-04932

CVSS3: 8.6
fstec
больше 3 лет назад

Уязвимость операционных систем PAN-OS, связанная с ошибками при настройке политики фильтрации URL-адресов, позволяющая нарушителю вызвать отказ в обслуживании (RDoS)

EPSS

Процентиль: 89%
0.04682
Низкий

8.6 High

CVSS3

Дефекты

CWE-406
NVD-CWE-Other