A high-severity Palo Alto Networks denial-of-service (DoS) vulnerability has been exploited by miscreants looking to launch DDoS attacks, and several of the affected products won’t have a patch until next week. The vulnerability, tracked as CVE-2022-0028, received an 8.6 out of 10 CVSS score, and it affects PAN OS, the operating system in Palo Alto Networks’ network security products. Panorama M-Series or Panorama virtual appliances, and Palo Alto Networks, have already had the issue fixed for cloud-based firewall and Prisma Access customers.  Additionally, Palo Alto Networks patched PAN-OS version 10.1.6-h6 and all later PAN-OS versions for its PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewalls.  We’re told fixes for software releases PAN-OS 8.1.23-h1, PAN-OS 9.0.16-h3, PAN-OS 9.1.14-h4, PAN-OS 10.0.11-h1, and PAN-OS 10.2.2-h2 will arrive sometime next week, on August 15 or later.

Read full article on The Register