back to article Palo Alto bug used for DDoS attacks and there's no fix yet

A high-severity Palo Alto Networks denial-of-service (DoS) vulnerability has been exploited by miscreants looking to launch DDoS attacks, and several of the affected products won't have a patch until next week. The vulnerability, tracked as CVE-2022-0028, received an 8.6 out of 10 CVSS score, and it affects PAN OS, the …

  1. amanfromMars 1 Silver badge

    Well he would, wouldn't he? MRDA*

    "Exploitation of this issue does not impact the confidentiality, integrity, or availability of our products." ...... said a Lord Astor of Palo Alto Networks?

    * ..... MRDA

  2. razorfishsl


    also has something similar due to their marketing dept

    using the front page as a fucking advertising banner......

    you can request a load of images from URLS without even logging into the firewall...

    it works out at about 600-6000% amplification.

    send a 40 byte request and get 400-600k of reply.

    1. Anonymous Coward
      Anonymous Coward

      Dull sold Sonicwall. It's a separate company again now.

  3. Anonymous Coward
    Anonymous Coward

    Usenix TCP middlebox researchers notified PA of this in 2021 *last year*

    In this research the researchers say they reached out to Palo Alto about this in 2021 *last year* - how has it taken PA almost a year to realize they can be vulnerable?

  4. Doogie Howser MD

    Their security not getting any better

    I am a subscriber to their patch update e-mails and most quarters there is yet another serious flaw to patch. For a security company, they don't seem to be that great at security.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like