Palo Alto VPNs, firewalls suffer from high-severity vulnerability

Image depicting a hand on a scanner
Image Credit: Pixabay (Image credit: Pixabay)

A variety of VPN and firewall products from Palo Alto Networks have been found to suffer from a high-severity vulnerability, the company has warned.

According to a BleepingComputer report, PAN-OS, GlobalProtect app, and Cortex XDR agent software are running on a vulnerable version of the OpenSSL library. Prisma Cloud and Cortex XSOAR do not suffer from the same issue, Palo Alto confirmed.

The vulnerability, tracked as CVE-2022-0778, was discovered three weeks ago and, if abused, can enable a denial of service (DoS) attack, or remotely crash the vulnerable endpoint

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Waiting for the patch

OpenSSL patched up the flaw two weeks ago, but it’s still going to take a little time before Palo Alto manages to implement the fix for its own products. It seems the customers will have to wait for at least another week.

In the meantime, those with subscriptions for the Threat Prevention service can enable Threat IDs 92409 and 92411 to block incoming attacks, it was said.

Palo Alto says that it hasn’t seen these vulnerabilities being exploited in the wild, although there is a proof-of-concept available, suggesting that it may just be a matter of time before someone abuses the bug.

"The flaw is not too difficult to exploit, but the impact is limited to DoS. The most common scenario where exploitation of this flaw would be a problem would be for a TLS client accessing a malicious server that serves up a problematic certificate," an OpenSSL spokesperson told BleepingComputer.

"TLS servers may be affected if they are using client authentication (which is a less common configuration) and a malicious client attempts to connect to it. It is difficult to guess to what extent this will translate to active exploitation."

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.