CVE-2022-0028

by Excellium SA

Abstract Advisory Information

The listed products and versions do not properly process the TCP handshake, with the result that an affected device can be misused by a botnet to conduct a reflected DDoS attack. In addition, this vulnerability allows the filtering policy to be leaked, which can be useful to increase the success of phishing campaigns.

Author: The vulnerability was initially discovered by The Shadowserver Foundation.

Versions affected

Vendor: Palo Alto Networks

Product name and version:

PAN-OS 10.2      < 10.2.2-h2
PAN-OS 10.1      < 10.1.6-h6
PAN-OS 10.0      < 10.0.11-h1
PAN-OS 9.1        < 9.1.14-h4
PAN-OS 9.0        < 9.0.16-h3
PAN-OS 8.1        < 8.1.23-h1

Common Vulnerability Scoring System

8.6

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:

Patches

PAN-OS 10.2      >= 10.2.2-h2 (ETA: week of August 15, 2022)
PAN-OS 10.1      >= 10.1.6-h6
PAN-OS 10.0      >= 10.0.11-h1 (ETA: week of August 15, 2022)
PAN-OS 9.1        >= 9.1.14-h4 (ETA: week of August 15, 2022)
PAN-OS 9.0        >= 9.0.16-h3 (ETA: week of August 15, 2022)
PAN-OS 8.1        >= 8.1.23-h1
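The fixed versions above are hotfix builds (the "-hN" suffix), so a naive string comparison gets the affected check wrong: "10.1.6" is affected while "10.1.6-h6" is not. The following is an added example, written for this page and not a tool from Excellium or Palo Alto Networks; it parses a PAN-OS version string into a comparable tuple and reports whether that version falls below the fixed build for its release line. It assumes the "MAJOR.MINOR.MAINT[-hN]" format used in the tables above.

```python
import re
from typing import Optional, Tuple

# Fixed versions per release line, taken from the Patches table above.
# A device is affected when its version belongs to one of these lines
# and sorts lower than the fixed build for that line.
FIXED_VERSIONS = {
    (10, 2): "10.2.2-h2",
    (10, 1): "10.1.6-h6",
    (10, 0): "10.0.11-h1",
    (9, 1): "9.1.14-h4",
    (9, 0): "9.0.16-h3",
    (8, 1): "8.1.23-h1",
}

# Assumed version format: MAJOR.MINOR.MAINT with an optional -hN hotfix suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Parse 'MAJOR.MINOR.MAINT[-hN]' into a tuple that compares correctly.

    A base release without a hotfix suffix must sort before its hotfixes
    (10.1.6 < 10.1.6-h6), so a missing hotfix number is treated as 0.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def is_affected(version: str) -> Optional[bool]:
    """Return True if the version is below the fix for its release line,
    False if the fix is present, and None if the line is not in the table."""
    parsed = parse_version(version)
    fixed = FIXED_VERSIONS.get(parsed[:2])
    if fixed is None:
        return None
    return parsed < parse_version(fixed)


if __name__ == "__main__":
    # Constructed sample inventory, e.g. as exported from a device list.
    for v in ["10.1.6", "10.1.6-h6", "10.2.2-h1", "8.1.23-h1", "11.0.0"]:
        print(f"{v:12} affected={is_affected(v)}")
```

A version comparison only tells you whether the fixed build is installed; whether a device is actually exposed also depends on its configuration, which the vendor advisory linked under References describes.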

References

https://security.paloaltonetworks.com/CVE-2022-0028

Vulnerability Disclosure Timeline

  • 28/04/2022: Vulnerability discovery by Shadowserver
  • 29/04/2022: Vulnerability report to CERT-XLM
  • 29/04/2022: Vulnerability report to vendor
  • 02/05/2022: Acknowledgement from vendor
  • 06/05/2022: Update requested from vendor
  • 08/05/2022: Acknowledgement from vendor
  • 20/05/2022: Update requested from vendor
  • 23/05/2022: Acknowledgement from vendor
  • 27/05/2022: Update requested from vendor
  • 29/05/2022: Acknowledgement from vendor
  • 12/06/2022: News from vendor
  • 22/06/2022: Update requested from vendor
  • 26/06/2022: Acknowledgement from vendor
  • 01/07/2022: Update requested from vendor
  • 03/07/2022: Acknowledgement from vendor
  • 08/07/2022: Update requested from vendor
  • 10/07/2022: Acknowledgement from vendor
  • 15/07/2022: Update requested from vendor
  • 16/07/2022: Acknowledgement from vendor
  • 22/07/2022: Additional time allowed for the vendor to fix
  • 05/08/2022: Exchange of advisory drafts
  • 10/08/2022: Public Disclosure by Vendor
  • 11/08/2022: PAN-OS 10.1.6-h6 fixed version is now available. Updated ETA for PAN-OS 8.1.23-h1. Clarified URL filtering assignment language.
  • 12/08/2022: An update to the acknowledgements section of the advisory.
  • 16/08/2022: PAN-OS 8.1.23-h1 fixed version is now available.
  • 19/08/2022: PAN-OS 9.0.16-h3, PAN-OS 9.1.14-h4, and PAN-OS 10.0.11-h1 fixed versions are now available.
  • 19/08/2022: PAN-OS 10.2.2-h2 fixed version is now available.
  • 24/08/2022: Public Disclosure