Well he would, wouldn't he? MRDA*
"Exploitation of this issue does not impact the confidentiality, integrity, or availability of our products." ...... said a Lord Astor of Palo Alto Networks?
* ..... MRDA
A high-severity Palo Alto Networks denial-of-service (DoS) vulnerability has been exploited by miscreants looking to launch DDoS attacks, and several of the affected products won't have a patch until next week. The vulnerability, tracked as CVE-2022-0028, received an 8.6 out of 10 CVSS score, and it affects PAN OS, the …
also has something similar due to their marketing dept
using the front page as a fucking advertising banner......
you can request a load of images from URLS without even logging into the firewall...
it works out at about 600-6000% amplification.
send a 40 byte request and get 400-600k of reply.
In this research https://www.usenix.org/system/files/sec21fall-bock.pdf the researchers say they reached out to Palo Alto about this in 2021 *last year* - how has it taken PA almost a year to realize they can be vulnerable?