CyberSecurity news

info@thehackernews.com (The Hacker News)@The Hacker News - 36d
Critical vulnerabilities have been discovered in Palo Alto Networks firewall devices, potentially allowing attackers to bypass Secure Boot protections and exploit firmware-level flaws. Security firm Eclypsium evaluated three Palo Alto Networks appliances, the PA-3260, PA-1410, and PA-415, and uncovered a range of well-known vulnerabilities collectively named "PANdora's Box". These flaws include "BootHole," a buffer overflow vulnerability leading to remote code execution, Secure Boot bypass issues, and vulnerabilities such as LogoFAIL and PixieFail. These issues could allow attackers to gain elevated privileges, maintain persistence, and completely compromise firewall devices.

The identified issues include seven CVEs, along with insecure flash access controls and leaked keys that compromise the integrity of the boot process. These flaws, ranging from boot process exploits to vulnerabilities within InsydeH2O UEFI firmware, could lead to privilege escalation, malicious code execution during startup, and information disclosure. Palo Alto Networks is aware of these claims and is working with third-party vendors to develop firmware updates. The company states that the vulnerabilities are not exploitable under normal conditions with up-to-date and secured management interfaces, and that they do not affect PAN-OS CN-Series, PAN-OS VM-Series, Cloud NGFW, or Prisma Access.

References:
  • eclypsium.com: Eclypsium evaluated three Palo Alto Networks appliances, finding known vulnerabilities ranging from "BootHole" (buffer overflow to RCE) and secure boot bypass to LogoFAIL, PixieFail, leaked keys bypass, etc.
  • security.paloaltonetworks.com: Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls
  • The Hacker News: Palo Alto firewalls found vulnerable to secure boot bypass and firmware exploits
  • : Palo Alto Networks See parent toot above. Palo Alto Networks is in damage control mode, after Eclypsium reported that their Next Generation Firewall (NGFW) products were still impacted by multiple known vulnerabilities. Palo Alto Networks is aware of claims of multiple vulnerabilities in hardware device firmware and bootloaders included in our PA-Series (hardware) firewalls. Palo Alto Networks is not aware of any malicious exploitation of these issues in our products. We are aware of a blog post discussing these issues.
  • : Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls – Source: www.securityweek.com
  • Patrick C Miller :donor:: Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls - SecurityWeek
  • ciso2ciso.com: Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls – Source: www.securityweek.com
Classification:
  • HashTags: #PaloAlto #Firewall #SecureBoot
  • Company: Palo Alto Networks
  • Target: Palo Alto Firewall Users
  • Product: Palo Alto Firewalls
  • Feature: Secure Boot Bypass
  • Type: Vulnerability
  • Severity: Major