According to a BleepingComputer report, PAN-OS, GlobalProtect app, and Cortex XDR agent software are running on a vulnerable version of the OpenSSL library. Prisma Cloud and Cortex XSOAR do not suffer from the same issue, Palo Alto confirmed.
The vulnerability, tracked as CVE-2022-0778, was discovered three weeks ago and, if abused, can enable a denial of service (DoS) attack, or remotely crash the vulnerable endpoint.
Waiting for the patch
OpenSSL patched up the flaw two weeks ago, but it’s still going to take a little time before Palo Alto manages to implement the fix for its own products. It seems the customers will have to wait for at least another week.
In the meantime, those with subscriptions for the Threat Prevention service can enable Threat IDs 92409 and 92411 to block incoming attacks, it was said.
Palo Alto says that it hasn’t seen these vulnerabilities being exploited in the wild, although there is a proof-of-concept available, suggesting that it may just be a matter of time before someone abuses the bug.
“The flaw is not too difficult to exploit, but the impact is limited to DoS. The most common scenario where exploitation of this flaw would be a problem would be for a TLS client accessing a malicious server that serves up a problematic certificate,” an OpenSSL spokesperson told BleepingComputer.
“TLS servers may be affected if they are using client authentication (which is a less common configuration) and a malicious client attempts to connect to it. It is difficult to guess to what extent this will translate to active exploitation.”