California-based cybersecurity firm Palo Alto Networks said it recently learned that a service provider had identified an attempted reflected denial-of-service attack that took advantage of susceptible firewalls from several vendors, according to Security Week.
The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) or CN-Series (container) firewall against an attacker-specified target, the firm explained. Palo Alto said the vulnerability, tracked as CVE-2022-0028, exists due to a misconfiguration in the URL filtering policy of its PAN-OS, the platform powering the firm's next-generation firewalls, which permits a network-based attacker to carry out amplified and reflected TCP DoS attacks. The firm has so far addressed the vulnerability in PAN-OS 10.1 by rolling out platform version 10.1.6-h6. The company expects to release patches for PAN-OS 8.1, 9.0, 9.1, 10.0, and 10.2 next week. The Cybersecurity and Infrastructure Security Agency issued a warning about the vulnerability and urged users and administrators to apply the available workarounds and patches.
Such a development comes after Proofpoint discovered the vulnerability being leveraged in intrusions beginning September 28, following Project Discovery's release of proof-of-concept exploit code and technical details.
Attackers who successfully activated "CSS Combine" and "Generate UCSS" within Page Optimization settings could leverage the vulnerability not only to exfiltrate sensitive data but also to elevate privileges and facilitate website takeovers for further compromise, according to an analysis from Patchstack.
The more widespread of the addressed bugs was a logic issue, tracked as CVE-2024-44204, which could prompt Apple's new VoiceOver feature to read out credentials saved within the recently unveiled Passwords app.