The Cybersecurity and Infrastructure Security Agency has warned that a vulnerability in PAN-OS operated by Palo Alto Networks is under active attack. The agency stated that the flaw needs to be patches as soon as possible. The warning was released to the public and federal IT security teams so that all parties are aware of the required fixes. Federal agencies are urged to patch the bug by September 9, although the sooner the better. Palo Alto Networks released the fix for the high severity bug earlier this month after they detected that adversaries were attempting to exploit it.
The flaw is tracked as CVE-2022-0028 and is classified as high-severity. The flaw could allow remote attackers to conduct reflected and amplified denial-of-service (DoS) attacks without authentication. Although the bug can only be exploited under certain conditions and on a limited number of systems, the bug still poses a threat to federal agencies and organizations using PAN-OS.
Read More: Firewall Bug Under Active Attack Triggers CISA Warning