The US Agency for Cyber Security and Infrastructure Security (CISA) has included a newly found vulnerability with high severity in the operating system PAN-OS in the catalog of exploitable vulnerabilities. PAN-OS controls Palo Alto Networks firewalls.
The Palo Alto Networks vulnerability recently found in PAN-OS has been filed with CISA as security problem CVE-2022-0028. The identified risk has a high severity rating of 8,6 out of 10 as it allows a remote threat actor to deploy enhanced Denial of Service (DoS) attacks without requiring authentication.
Patches for PAN-OS versions released
Several versions of PAN-OS are vulnerable to CVE-2022-0028. They can be found in the devices of the PA, VM and CN series. Palo Alto Networks has already released appropriate patches for all versions. According to CISA, the vulnerability has already been used for at least one attack. All firewall operators are therefore advised to patch immediately.
According to the vendor, an attacker exploiting the issue could hide their original IP address, making it more difficult to fix. CISA is warning federal agencies to apply available fixes no later than September 9. The CISA catalog currently lists 802 known and exploitable vulnerabilities. Almost every vulnerability has patches that companies around the world could use to improve their defenses.
More at CISA.gov