Threat Watch

OpenSSL Bug Affects Palo Alto Products

After it was announced last week that QNAP was affected by the OpenSSL bug CVE-2022-0778, another company has come forward. Palo Alto Networks has released information stating that some of its devices are vulnerable to the flaw. Products that could potentially be affected include some of Palo Alto’s firewall, VPN, and XDR products, such as PAN-OS version 8.1 and later (firewall), GlobalProtect (VPN), and the Cortex XDR agent. If an exploit is put together correctly, attackers could carry out remote Denial of Service (DoS) attacks against the vulnerable platforms. Palo Alto is expected to release updates for the vulnerable products sometime this month. At this time, the company has no evidence that these products have been targeted.

ANALYST NOTES

As soon as updates or patches become available, they should be downloaded and installed if they are not applied automatically. Until the patches are released, users may be able to add a layer of protection, specifically for PAN-OS firewalls: users with the Palo Alto Threat Prevention subscription can turn on Threat IDs 92409 and 92411, which helps lessen the chance of the flaw being exploited. While the flaw could still cause issues, the OpenSSL team stated that “The flaw is not too difficult to exploit, but the impact is limited to DoS. The most common scenario where exploitation of this flaw would be a problem would be for a TLS client accessing a malicious server that serves up a problematic certificate.”

https://securityaffairs.co/wordpress/129935/hacking/palo-alto-networks-devices-openssl-flaws.html?web_view=true