{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2022-0028","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-04-11T00:34:18.362Z","generator":{"date":"2026-04-11T00:34:18.362Z","engine":{"name":"Vulnogram","version":"0.0.9"}},"id":"CVE-2022-0028","initial_release_date":"2022-08-10T16:00:00.000Z","revision_history":[{"number":"1","date":"2022-08-10T09:00:00.000Z","summary":"Initial publication"},{"number":"2","date":"2022-08-10T16:10:00.000Z","summary":"PAN-OS 10.1.6-h6 fixed version is now available. Updated ETA for PAN-OS 8.1.23-h1. Clarified URL filtering assignment language."},{"number":"3","date":"2022-08-11T19:45:00.000Z","summary":"An update to the acknowledgements section of the advisory."},{"number":"4","date":"2022-08-15T17:42:00.000Z","summary":"PAN-OS 8.1.23-h1 fixed version is now available."},{"number":"5","date":"2022-08-18T16:38:00.000Z","summary":"PAN-OS 10.2.2-h2 fixed version is now available."},{"number":"6","date":"2022-08-19T09:22:00.000Z","summary":"PAN-OS 9.0.16-h3, PAN-OS 9.1.14-h4, and PAN-OS 10.0.11-h1 fixed versions are now available."}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[]}]},"vulnerabilities":[{"cve":"CVE-2022-0028","product_status":{"fixed":["PANW-PAN-OS-255","PANW-PAN-OS-256","PANW-PAN-OS-257","PANW-PAN-OS-258","PANW-PAN-OS-259","PANW-PAN-OS-260"],"known_affected":["PANW-PAN-OS-255","PANW-PAN-OS-256","PANW-PAN-OS-257","PANW-PAN-OS-258","PANW-PAN-OS-259","PANW-PAN-OS-260"],"known_not_affected":["PANW-Cloud-NGFW-1","PANW-Prisma-Access-19","PANW-Prisma-Access-18","PANW-Prisma-Access-17","PANW-Prisma-Access-16"]},"notes":[{"category":"description","text":"A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target.\n\nTo be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a security rule with a source zone that has an external facing network interface. This configuration is not typical for URL filtering and, if set, is likely unintended by the administrator.\n\nIf exploited, this issue would not impact the confidentiality, integrity, or availability of our products. However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack.\n\nWe have taken prompt action to address this issue in our PAN-OS software. All PAN-OS software updates for this issue are now available. This issue does not impact Panorama M-Series or Panorama virtual appliances.\n\nThis issue has been resolved for all Cloud NGFW and Prisma Access customers and no additional action is required from them."}],"references":[{"category":"external","summary":"NVD - CVE-2022-0028","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0028"},{"category":"self","summary":"Palo Alto Networks Security Advisory CVE-2022-0028","url":"https://security.paloaltonetworks.com/CVE-2022-0028"}],"threats":[{"category":"impact","description":"A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target.\n\nTo be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a security rule with a source zone that has an external facing network interface. This configuration is not typical for URL filtering and, if set, is likely unintended by the administrator.\n\nIf exploited, this issue would not impact the confidentiality, integrity, or availability of our products. However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack.\n\nWe have taken prompt action to address this issue in our PAN-OS software. All PAN-OS software updates for this issue are now available. This issue does not impact Panorama M-Series or Panorama virtual appliances.\n\nThis issue has been resolved for all Cloud NGFW and Prisma Access customers and no additional action is required from them."}],"scores":[{"cvss_v3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":8.6,"baseSeverity":"HIGH"},"products":["PANW-PAN-OS-255","PANW-PAN-OS-256","PANW-PAN-OS-257","PANW-PAN-OS-258","PANW-PAN-OS-259","PANW-PAN-OS-260"]}]}]}