Best Top Reviews Online

Active Firewall Vulnerability Triggers CISA Warning

CISA warns that Palo Alto Networks’ PAN-OS is currently under active attack and should be patched immediately.

The software that operates Palo Alto Networks’ firewalls is under attack, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to warn public and federal IT security teams to apply available patches. Federal agencies are urged to implement a patch by September 9th.

According to Palo Alto Networks, adversaries attempted to exploit a critical flaw (CVE-2022-0028) that was patched earlier this month. The vulnerability could be exploited by remote hackers to launch reflected and amplified denial-of-service (DoS) attacks against targeted systems without having to authenticate themselves.

Palo Alto Networks asserts that the vulnerability can only be exploited on a small number of systems under specific conditions and that the vulnerable systems are not a part of a standard firewall configuration. Additional exploits of the vulnerability have either not occurred or not been publicly reported.

Products and OS Versions Affected

Affected products include PA-Series, VM-Series, and CN-Series devices running the PAN-OS firewall software. PAN-OS before 10.2.2-h2, PAN-OS before 10.1.6-h6, PAN-OS before 10.0.11-h1, PAN-OS before 9.1.14-h4, PAN-OS before 9.0.16-h3, and PAN-OS before 8.1.23-h1 are vulnerable to attack and have available patches.

A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (DDoS) attacks, according to a Palo Alto Networks advisory. The DoS attack appears to have originated from a PA-Series (hardware), VM-Series (virtual), or CN-Series (container) firewall from Palo Alto Networks against an attacker-specified target.”

The advisory describes the vulnerable non-standard configuration as “the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a security rule with a source zone that has an external network interface.”

The advisory stated that the configuration was likely not intended by the network administrator.

CISA Includes Flaw in KEV Catalog

CISA added the Palo Alto Networks flaw to its catalog of known exploitable vulnerabilities on Monday.

The CISA Known Exploited Vulnerabilities (KEV) Catalog is a curated list of exploited vulnerabilities. Also included is a list of KEVs that the agency “strongly recommends” public and private organizations pay close attention to to “prioritize remediation” and “reduce the likelihood of compromise by known threat actors.”

Reflective and Amplified Denial of Service (DoS) Attacks

The increase in the peak size of volumetric attacks is one of the most remarkable changes in the DDoS landscape. Attackers continue to use reflection/amplification techniques to maximize the scale of their attacks by exploiting vulnerabilities in DNS, NTP, SSDP, CLDAP, and other protocols.

Reflected and amplified denial-of-service attacks are not new and have become increasingly prevalent over time.

Distributed denial of service attacks, which are designed to render websites inaccessible by overwhelming domains or specific application infrastructure with massive traffic flows, continue to pose a significant obstacle for businesses of all types. Being knocked offline has negative effects on revenue, customer service, and basic business operations, and it is worrisome that the bad actors behind these attacks are refining their methods to become more effective over time.

In contrast to DDoS attacks with a limited volume, reflective and amplified DoS attacks can generate much greater volumes of disruptive traffic. This type of attack enables an adversary to increase the volume of malicious traffic they generate while concealing the attack traffic’s sources. An HTTP-based DDoS attack, for instance, sends bogus HTTP requests to a target’s server, tying up resources and preventing users from accessing a specific website or service.

A TCP attack, which is believed to have been used in the recent attack on Palo Alto Networks, occurs when an attacker sends a spoofed SYN packet to a range of random or pre-selected reflection IP addresses, with the source IP replaced by the victim’s IP address. The services at the reflection address respond to the victim of the spoofing attack with an SYN-ACK packet. If the victim fails to respond, the reflection service will repeatedly retransmit the SYN-ACK packet, resulting in amplification. The amount of amplification depends on the attacker-defined number of SYN-ACK retransmissions by the reflection service.

Why Trust Us?

Best Top Reviews Online was established in 2018 to provide our readers with detailed, truthful, and impartial advice on what to buy. We now have millions of monthly users from all over the world and annually evaluate over a thousand products.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus

Get more info



Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.

Disclaimer is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to As an Amazon Associate I earn from qualifying purchases.


Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of