Paolo Alto VPN vulnerable to OpenSSL Bug
Palo Alto Networks warned customers yesterday that some of its firewall, VPN, and XDR products are vulnerable to a high severity OpenSSL infinite loop bug disclosed three weeks ago.
Threat actors can exploit this security vulnerability (tracked as CVE-2022-0778) to trigger a denial of service state and remotely crash devices running unpatched software.
Even though the OpenSSL team released a patch two weeks ago when it publicly disclosed the bug, customers will have to wait until later this month (during the week of April 18) when Palo Alto Networks plans to release security updates.