HomeVulnerabilityPalo Alto Firewalls Discovered Susceptible to Safe Boot Bypass and Firmware Exploits

Palo Alto Firewalls Discovered Susceptible to Safe Boot Bypass and Firmware Exploits

An exhaustive analysis of three firewall fashions from Palo Alto Networks has uncovered a number of identified security flaws impacting the units’ firmware in addition to misconfigured security options.

“These weren’t obscure, corner-case vulnerabilities,” security vendor Eclypsium stated in a report shared with The Hacker Information.

“As an alternative these have been very well-known points that we would not anticipate to see even on a consumer-grade laptop computer. These points may enable attackers to evade even essentially the most primary integrity protections, resembling Safe Boot, and modify gadget firmware if exploited.”

The corporate stated it analyzed three firewall home equipment from Palo Alto Networks, PA-3260, PA-1410, and PA-415, the primary of which formally reached end-of-sale on August 31, 2023. The opposite two fashions are totally supported firewall platforms.

Cybersecurity

The record of recognized flaws, collectively named PANdora’s Field, is as follows –

  • CVE-2020-10713 aka BootHole (Impacts PA-3260, PA-1410, and PA-415), refers to a buffer overflow vulnerability that enables for a Safe Boot bypass on Linux programs with the function enabled
  • CVE-2022-24030, CVE-2021-33627, CVE-2021-42060, CVE-2021-42554, CVE-2021-43323, and CVE-2021-45970 (Impacts PA-3260), which refers to a set of System Administration Mode (SMM) vulnerabilities affecting Insyde Software program’s InsydeH2O UEFI firmware that might result in privilege escalation and Safe Boot bypass
  • LogoFAIL (Impacts PA-3260), which refers to a set of vital vulnerabilities found within the Unified Extensible Firmware Interface (UEFI) code that exploit flaws in picture parsing libraries embedded within the firmware to bypass Safe Boot and execute malicious code throughout system startup
  • PixieFail (Impacts PA-1410 and PA-415), which refers to a set of vulnerabilities within the TCP/IP community protocol stack integrated within the UEFI reference implementation that might result in code execution and data disclosure
  • Insecure flash entry management vulnerability (Impacts PA-415), which refers to a case of misconfigured SPI flash entry controls that might allow an attacker to change UEFI immediately and bypass different security mechanisms
  • CVE-2023-1017 (Impacts PA-415), which refers to an out-of-bounds write vulnerability within the Trusted Platform Module (TPM) 2.0 reference library specification
  • Intel bootguard leaked keys bypass (Impacts PA-1410)
Cybersecurity

“These findings underscore a vital fact: even units designed to guard can grow to be vectors for assault if not correctly secured and maintained,” Eclypsium stated. “As menace actors proceed to focus on security home equipment, organizations should undertake a extra complete method to produce chain security.”

See also  Unveiling Hidden Threats to Company Identities

“This contains rigorous vendor assessments, common firmware updates, and steady gadget integrity monitoring. By understanding and addressing these hidden vulnerabilities, organizations can higher defend their networks and information from refined assaults that exploit the very instruments meant to safeguard them.”

- Advertisment -spot_img
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular