Palo Alto Networks has revealed that cybercriminals are targeting firewalls from several vendors to pull off a reflected amplification denial-of-service (RDoS) attack. According to the report, the attackers also targeted firewalls running Palo Alto's proprietary PAN-OS.
Discussing the attacks
Threat actors attempted to abuse the CVE-2022-0028 vulnerability in PAN-OS firewalls.
The flaw stems from a misconfiguration in the PAN-OS URL filtering policy. Its exploitation allows an attacker to carry out reflected and amplified TCP DoS attacks.
Additionally, the DoS traffic appears to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual), or CN-Series (container) firewall and is directed at a target chosen by the attacker.
Preconditions for flaw exploitation
Exploiting the vulnerability requires certain conditions, in particular a URL filtering configuration that is not typical.
The firewall configuration must have a URL filtering profile with one or more blocked categories assigned to one or more security rules whose source zone has an external-facing network interface.
What to do?
To prevent exploitation, users are advised to remove the URL filtering policy that leads to this vulnerability. Further, enable one of the two zone protection features, packet-based attack protection or flood protection, on the network firewalls. Palo Alto Networks has also addressed the vulnerability in the PAN-OS 10.1 version.
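The preconditions above describe a configuration pattern that can be audited rather than just remembered. The following script is an added example, not code from Palo Alto Networks or from the original report: it walks a firewall configuration export and flags every security rule whose source zone is external-facing and whose attached URL filtering profile blocks at least one category, and records whether a zone protection profile is attached to that zone. The XML layout (vsys, zone, profiles/url-filtering, rulebase/security/rules), the sample configuration and the set of external zones are all constructed for the example and approximate, not an authoritative PAN-OS schema, so adapt the XPath expressions to a real export before relying on the result.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration. The element layout approximates a PAN-OS
# XML export but is an assumption for this example, not an authoritative schema.
SAMPLE_CONFIG = """<config>
  <devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
    <zone>
      <entry name="untrust"><network><layer3><member>ethernet1/1</member></layer3></network></entry>
      <entry name="trust"><network><layer3><member>ethernet1/2</member></layer3>
        <zone-protection-profile>zp-baseline</zone-protection-profile></network></entry>
    </zone>
    <profiles><url-filtering>
      <entry name="urlf-block-malware"><block><member>malware</member><member>phishing</member></block></entry>
      <entry name="urlf-alert-only"><alert><member>malware</member></alert></entry>
    </url-filtering></profiles>
    <rulebase><security><rules>
      <entry name="inbound-web"><from><member>untrust</member></from><to><member>trust</member></to>
        <profile-setting><profiles><url-filtering><member>urlf-block-malware</member></url-filtering></profiles></profile-setting></entry>
      <entry name="outbound-web"><from><member>trust</member></from><to><member>untrust</member></to>
        <profile-setting><profiles><url-filtering><member>urlf-block-malware</member></url-filtering></profiles></profile-setting></entry>
      <entry name="inbound-alert"><from><member>untrust</member></from><to><member>trust</member></to>
        <profile-setting><profiles><url-filtering><member>urlf-alert-only</member></url-filtering></profiles></profile-setting></entry>
    </rules></security></rulebase>
  </entry></vsys></entry></devices>
</config>"""

# Operator-supplied: zone names whose interfaces face the internet (constructed here).
EXTERNAL_ZONES = {"untrust"}


def blocking_url_profiles(root):
    """Map profile name -> blocked categories, for profiles that block at least one category."""
    result = {}
    for prof in root.iterfind(".//profiles/url-filtering/entry"):
        blocked = [m.text for m in prof.iterfind("block/member")]
        if blocked:
            result[prof.get("name")] = blocked
    return result


def zones_with_protection(root):
    """Names of zones that have a zone protection profile attached."""
    return {
        z.get("name")
        for z in root.iterfind(".//zone/entry")
        if z.find("network/zone-protection-profile") is not None
    }


def find_exposed_rules(config_xml, external_zones):
    """Return one finding per (rule, blocking URL profile) pair that matches the
    precondition: source zone external-facing AND a URL filtering profile with
    blocked categories. zone_protection tells whether the mitigation (a zone
    protection profile on every matching external zone) is at least attached."""
    root = ET.fromstring(config_xml)
    blocking = blocking_url_profiles(root)
    protected = zones_with_protection(root)
    findings = []
    for rule in root.iterfind(".//rulebase/security/rules/entry"):
        src_zones = {m.text for m in rule.iterfind("from/member")}
        exposed = src_zones & set(external_zones)
        if not exposed:
            continue  # internal-only source zones do not meet the precondition
        profiles = [m.text for m in rule.iterfind("profile-setting/profiles/url-filtering/member")]
        for prof in profiles:
            if prof in blocking:
                findings.append({
                    "rule": rule.get("name"),
                    "source_zones": sorted(exposed),
                    "url_profile": prof,
                    "blocked_categories": blocking[prof],
                    "zone_protection": all(z in protected for z in exposed),
                })
    return findings


if __name__ == "__main__":
    for f in find_exposed_rules(SAMPLE_CONFIG, EXTERNAL_ZONES):
        status = "zone protection attached" if f["zone_protection"] else "NO zone protection"
        print(f"rule {f['rule']!r}: zones {f['source_zones']} use blocking profile "
              f"{f['url_profile']!r} ({', '.join(f['blocked_categories'])}); {status}")
```

On the sample configuration only `inbound-web` is reported: `outbound-web` has an internal source zone and `inbound-alert` uses a profile that alerts rather than blocks. Note that `zone_protection` only checks that a profile is attached; whether packet-based attack protection or flood protection is actually enabled inside that profile needs a further check against the profile's own settings.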