California-based cybersecurity firm Palo Alto Networks said it recently learned that a service provider has identified an attempted reflected denial-of-service attack that took advantage of susceptible firewalls from several vendors, according to Security Week.
The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) or CN-Series (container) firewall and be directed against an attacker-specified target, the firm explained. Palo Alto said the vulnerability, tracked as CVE-2022-0028, exists due to a misconfiguration in the URL filtering policy of PAN-OS, the platform powering the firm's next-gen firewalls, which permits a network-based attacker to carry out amplified and reflected TCP DoS attacks. The firm has so far addressed the vulnerability in PAN-OS 10.1 by rolling out platform version 10.1.6-h6. The company expects to release patches for PAN-OS 8.1, 9.0, 9.1, 10.0, and 10.2 next week. The Cybersecurity and Infrastructure Security Agency issued a warning about the vulnerability and urged users and administrators to apply the available workarounds and patches.
Legislation seeking to address open source software risks in government has been introduced by Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, according to The Record, a news site by cybersecurity firm Recorded Future.