Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Sep 12, 2022

CVE-2022-0028

High
EPSS 4.7%CISA KEV
Palo Alto Networks/PAN-OS

Description

A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.

EPSS — Exploit Probability

4.7%

Higher than 89.2% of all CVEs

Required Action

https://security.paloaltonetworks.com/CVE-2022-0028; https://nvd.nist.gov/vuln/detail/CVE-2022-0028

Related Articles (1)

Malware & Threats

Firewall Bug Under Active Attack Triggers CISA Warning

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.

Aug 23, 2022

Risk Assessment

ELEVATED
In CISA KEV

Details

Severity
High
EPSS
4.7%
CISA KEV
Yes
Ransomware
Unknown
Articles
1

Timeline

Published

Aug 22, 2022

Added to KEV

Aug 22, 2022

Remediation Due

Sep 12, 2022

Affected Product

Palo Alto Networks

PAN-OS

View all Palo Alto Networks CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE