CVE-2022-0028 — Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability

2022-08-22 • CISA Known Exploited Vulnerability

[event] A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.

> AFFECTED SOFTWARE

Field	Value
Vendor	Palo Alto Networks
Product	PAN-OS
CWE	CWE-940
CVE ID	CVE-2022-0028
Date Added	2022-08-22
Due Date	2022-09-12
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2022-09-12

> REFERENCES

[1] https://security.paloaltonetworks.com/CVE-2022-0028
[2] https://nvd.nist.gov/vuln/detail/CVE-2022-0028