topic Re: CVE-2022-00028 in Advanced Threat Prevention Discussions

CVE-2022-00028

Kashif_shaikh — Thu, 06 Oct 2022 06:48:33 GMT

Hi all,

I wanted to ask CVE-2022-0028 Pan-os:Reflected amplification dow vulnerability in URL filtering Will still affect my environment if i am using separate PROXY SERVER(Forcepoint proxy) for url filtering purpose?

Palo alto url filtering is used but its for specific policies rather all other traffic use forcepoint proxy for URL filtering...

Re: CVE-2022-00028

aleksandar.astardzhiev — Mon, 10 Oct 2022 11:16:55 GMT

Hi @Kashif_shaikh ,

As mentioned in the official security advisory - https://security.paloaltonetworks.com/CVE-2022-0028 if you use URL Filtering profile with at least one category set to block in your rules, your firewall is exploitable.

BUT

As mentioned in the link the risk is drasticly lowered if you don't have URL filtering profile on inbound rule.

If you have URL profile enabled only on rules for outbound traffic (from inside to internet), the risk of potential explotation is lower, but still there is a chance of insider threat. If you want to completely eliminate the risk you can follow the suggested workaround and enable the zone protection profile for the inside zone

Re: CVE-2022-00028

Kashif_shaikh — Tue, 18 Oct 2022 18:16:50 GMT

Thanks @aleksandar.astardzhiev

Re: CVE-2022-00028

PamelaDiaz — Thu, 22 Dec 2022 15:15:02 GMT

Thanks for the solution.