2025-01-29 21:29:12 Pacfic
Palo Alto Firewalls Vulnerable to Secure Boot Bypass - 4d
Critical vulnerabilities have been discovered in Palo Alto Networks firewall devices, potentially allowing attackers to bypass Secure Boot protections and exploit firmware-level flaws. Security firm Eclypsium evaluated three Palo Alto Network appliances, including the PA-3260, PA-1410, and PA-415, uncovering a range of well-known vulnerabilities collectively named "PANdora's Box". These flaws include "Boothole," a buffer overflow vulnerability leading to remote code execution, secure boot bypass issues, and vulnerabilities like LogoFail and PixieFail. These issues could allow attackers to gain elevated privileges, maintain persistence, and completely compromise firewall devices.
The identified vulnerabilities include seven CVEs, and additionally insecure flash access controls and leaked keys which compromise the integrity of the boot process. These flaws, ranging from boot process exploits to vulnerabilities within InsydeH2O UEFI firmware, could lead to privilege escalation, malicious code execution during startup, and information disclosure. Palo Alto Networks is aware of these claims and is working with third party vendors to develop firmware updates, although they state that the vulnerabilities are not exploitable under normal conditions with up-to-date and secured management interfaces, and do not affect PAN-OS CN-Series, PAN-OS VM-Series, Cloud NGFW and Prisma Access.
ImgSrc: blogger.googleusercontent.com
References:
- eclypsium.com - Eclysium evaluated three Palo Alto Networks appliances, finding known vulnerabilities ranging from "Boothole" (buffer overflow to RCE) and secure boot bypass to LogoFail, PixieFail, leaked keys bypass - 5d
- security.paloaltonetworks.com - Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls - 4d
- The Hacker News - Palo Alto firewalls found vulnerable to secure boot bypass and firmware exploits - 4d
- @screaminggoat - Palo Alto Networks See parent toot above. Palo Alto Networks is in damage control mode, after Eclypsium reported that their Next Generation Firewall (NGFW) products were still impacted by multiple kno - 3d
- @jos1264 - Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls – Source: www.securityweek.com - 3d
- @patrickcmiller - Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls - SecurityWeek - 2d
- ciso2ciso.com - Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls – Source: www.securityweek.com - 1d
Classification:
- HashTags: PaloAlto Firewall SecureBoot
- Company: Palo Alto Networks
- Target: Palo Alto Firewall Users
- Product: Palo Alto Firewalls
- Feature: Secure Boot Bypass
- Type: Vulnerability
- Severity: Major