CVE-2022-0023 DNS proxy feature of PAN-OS can be exploited if the firewall is mishandled during an MITM attack.


The DNS proxy feature of PAN-OS handles DNS requests forwarded to external DNS servers. A man-in-the-middle (MITM) attacker can inject DNS records into the DNS proxy service to cause the service to restart unexpectedly, which causes all traffic to be dropped. An attacker can exploit this to launch a Denial-of-Service (DoS) attack against the PAN-OS device: the attacker sends specially crafted DNS requests to the DNS proxy service, which causes the service to restart unexpectedly. As a result, all DNS requests are dropped, and consequently, all traffic to the internal DNS server is dropped.

Vulnerability Effects & Analysis

Vulnerability Effects:
- The DNS proxy service of PAN-OS is vulnerable to a DoS attack.

Analysis:
- A MITM can inject DNS records into the DNS proxy service to cause the service to restart unexpectedly. This situation can be exploited by an attacker to launch a DoS attack against the PAN-OS device.

Vulnerability Summary

The DNS proxy of PAN-OS is responsible for handling requests forwarded to external DNS servers. The DNS proxy service can be exploited by an attacker to launch a Denial-of-Service (DoS) attack against the PAN-OS device. An attacker sends specially crafted DNS requests to the DNS proxy service, which causes the service to restart unexpectedly. As a result, all DNS requests are dropped, and consequently, all traffic to the internal DNS server is dropped.

Vulnerability Details

A malicious DNS proxy might cause a Denial-of-Service (DoS) attack to be launched against the PAN-OS device. An attacker sends specially crafted DNS requests to the DNS proxy service, which causes the service to restart unexpectedly and drop all traffic.

Vulnerability Scenario

An attacker sends specially crafted DNS requests to the DNS proxy service, which causes the service to restart unexpectedly. As a result, all DNS requests are dropped, and consequently, all traffic to the internal DNS server is dropped.
