
According to a report by Eclypsium, Palo Alto Networks firewalls contain significant security flaws in their firmware and security configurations. These vulnerabilities are not obscure or complex but relatively well-known issues that should not exist in enterprise-grade devices. The problems involve misconfigurations in features such as Secure Boot, which ensures that only trusted firmware and software will execute. 

These weaknesses allow attackers to bypass fundamental integrity protections, enabling them to execute malicious code or alter the device firmware. The report emphasises that such vulnerabilities are comparable to those seen in consumer-grade devices, highlighting a critical lapse in the security architecture of these firewalls.
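To make the "integrity protections" point concrete, the following is an added illustration (not code from Eclypsium, Palo Alto Networks, or the report) of how a measured-boot chain detects a modified boot component: each stage's digest is folded into a TPM-style PCR with `new = SHA-256(old || digest)`, so any change to any stage changes the final value a verifier compares against its golden measurement. The stage images and the stage names are constructed samples, and the PCR model is simplified to a single register.

```python
import hashlib

# Constructed sample boot stages; stand-ins for real images, not firmware from any vendor.
BOOT_STAGES = [
    ("uefi_firmware", b"UEFI firmware image (constructed sample)"),
    ("bootloader",    b"bootloader image (constructed sample)"),
    ("kernel",        b"OS kernel image (constructed sample)"),
]

PCR_SIZE = 32  # SHA-256 bank, 32-byte register, starts at all zeros


def pcr_extend(current: bytes, measurement: bytes) -> bytes:
    """TPM 2.0 style extend: the register can only be advanced, never set directly."""
    return hashlib.sha256(current + measurement).digest()


def measure_boot_chain(stages):
    """Hash every stage in boot order, extend the PCR with each digest, and keep an
    event log (stage name, digest) like the one firmware records for later replay."""
    pcr = bytes(PCR_SIZE)
    event_log = []
    for name, image in stages:
        digest = hashlib.sha256(image).digest()
        pcr = pcr_extend(pcr, digest)
        event_log.append((name, digest.hex()))
    return pcr, event_log


def replay_event_log(event_log):
    """Recompute the PCR from the event log alone; a verifier uses this to check that
    the log it was handed is consistent with the signed PCR value."""
    pcr = bytes(PCR_SIZE)
    for _, digest_hex in event_log:
        pcr = pcr_extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def attest(stages, golden_pcr: bytes):
    """Return (ok, event_log): ok is True only if the measured chain matches the
    golden value recorded from a known-good device."""
    actual, event_log = measure_boot_chain(stages)
    return actual == golden_pcr, event_log


def tampered_stages(stages, name: str, new_image: bytes):
    """Helper for the demonstration: replace one stage's image, as a firmware
    implant or modified bootloader would."""
    return [(n, new_image if n == name else img) for n, img in stages]


if __name__ == "__main__":
    golden, log = measure_boot_chain(BOOT_STAGES)
    print("golden PCR:", golden.hex())
    ok, _ = attest(BOOT_STAGES, golden)
    print("untouched chain attests:", ok)
    bad = tampered_stages(BOOT_STAGES, "bootloader", b"modified bootloader (constructed)")
    ok, _ = attest(bad, golden)
    print("modified bootloader attests:", ok)
```

The design point is that the register is extend-only: an attacker who alters the bootloader cannot "un-extend" the earlier measurement to make the final value match, which is why a golden PCR plus a replayable event log gives a verifier a defensible basis for continuous monitoring of boot integrity. The protections that Secure Boot itself adds (signature checks before execution) sit in front of this; the report's finding is that bypassing those checks removes the first line of defence, so independent measurement and attestation become the remaining means of detection.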

Three firewall appliances from Palo Alto Networks, the PA-3260, PA-1410, and PA-415, are analysed. The first reached end of sale on 31 August 2023; the other two are fully supported firewall platforms.

The list of identified flaws in the Palo Alto Networks firewalls, collectively named “PANdora’s Box,” includes several critical vulnerabilities affecting different models. CVE-2020-10713, also known as BootHole, is a buffer overflow vulnerability that impacts the PA-3260, PA-1410, and PA-415 models, allowing attackers to bypass Secure Boot on Linux systems.

The PA-3260 model is also affected by a series of System Management Mode (SMM) vulnerabilities, such as CVE-2022-24030 and others, which target Insyde Software’s InsydeH2O UEFI firmware, enabling privilege escalation and Secure Boot bypass. LogoFAIL, another critical issue impacting the PA-3260, involves flaws in the UEFI firmware’s image parsing libraries, which can be exploited to bypass Secure Boot and execute malicious code at startup.

PixieFail, affecting the PA-1410 and PA-415, exploits vulnerabilities in the UEFI’s TCP/IP network protocol stack, potentially leading to code execution and information disclosure. The PA-415 model is further compromised by an insecure SPI flash access control vulnerability, which allows attackers to modify the UEFI firmware directly and bypass security mechanisms, and by CVE-2023-1017, an out-of-bounds write vulnerability in the Trusted Platform Module (TPM) 2.0 reference library. Additionally, the PA-1410 is affected by a bypass related to leaked Intel Boot Guard keys, compromising its ability to boot securely. These vulnerabilities collectively highlight various security risks across multiple Palo Alto firewall models.

Eclypsium highlighted that even security devices like firewalls can become attack vectors if improperly secured. They emphasise the importance of rigorous vendor assessments, firmware updates, and continuous monitoring to address hidden vulnerabilities and protect networks. 

In response, Palo Alto Networks stated that the reported vulnerabilities are unlikely to be exploited under normal conditions with up-to-date PAN-OS software and proper security configurations. They confirmed no known malicious exploitation and assured customers that they are collaborating with a third-party vendor to develop mitigations.

CyberShelter provides innovative and modern cybersecurity products and niche services to individuals and organizations against all kinds of cyber threats.
