Palo Alto Networks firewalls, VPNs vulnerable to OpenSSL bug


American cybersecurity company Palo Alto Networks warned customers on Wednesday that some of its firewall, VPN, and XDR products are vulnerable to a high-severity OpenSSL infinite loop bug disclosed three weeks ago.

Threat actors can exploit this security vulnerability (tracked as CVE-2022-0778) to trigger a denial-of-service state and remotely crash devices running unpatched software.

Even though the OpenSSL team released a patch two weeks ago when it publicly disclosed the bug, customers will have to wait until later this month (during the week of April 18), when Palo Alto Networks plans to release security updates.

Source: Bleeping Computer