CISA Warning: High-Severity PAN-OS DDoS Flaw

CISA has added a new vulnerability to its Known Exploited Vulnerabilities catalog. CVE-2022-0028 is a high-severity DDoS flaw in Palo Alto Networks' PAN-OS that allows a remote threat actor to deploy reflected and amplified denial-of-service (DoS) attacks without having to authenticate.

Terry Olaes of Skybox Security explained the risk of the vulnerability and how organizations should think about mitigating similar threats: “Skybox Research Lab found that new vulnerabilities in the wild rose by 24% in 2022 and new vulnerabilities in operational technology (OT) products have risen 88% year over year, demonstrating just how quickly threat actors are moving to capitalize on an organization’s weaknesses. In the case of CVE-2022-0028, CISA noted that this vulnerability allows a remote threat actor to deploy reflected and amplified denial-of-service (DoS) attacks without having to authenticate.

Too often, our researchers see organizations that only rely on conventional approaches to vulnerability management move to patch the highest severity vulnerabilities first based on the Common Vulnerability Scoring System (CVSS). Cybercriminals know this is how many companies handle their cybersecurity, so they’ve learned to take advantage of vulnerabilities seen as less critical to carry out their attacks.

To stay ahead of cybercriminals, companies need to address vulnerability exposure risks before hackers attack them. That means taking a more proactive approach to vulnerability management by learning to identify and prioritize exposed vulnerabilities across the entire threat landscape. This warning also serves as a reminder that infrastructure devices must be included in vulnerability management programs. Security teams need to be able to quickly assess vulnerability risk posed across both endpoint and infrastructure assets without having to wait for other teams, like platform and network, to provide feedback.

Organizations should ensure they have solutions in place capable of quantifying the business impact of cyber risks into economic impact. This will also help them identify and prioritize the most critical threats based on the size of financial impact, among other risk analyses such as exposure-based risk scores. They must also enhance the maturity of their vulnerability management programs to ensure they can quickly discover whether or not a vulnerability impacts them and how urgent it is to remediate.”