
Palo Alto Networks firewalls have UEFI flaws, Secure Boot bypasses

Palo Alto’s firewall operating system, PAN-OS, is based on Red Hat Linux, which uses Grand Unified Bootloader version 2 (GRUB2). The company signs its GRUB2 bootloader and other components with its own certificates, which are stored in the UEFI certificate store to establish the chain of trust.

However, in 2020, researchers from Eclypsium found a critical buffer overflow vulnerability in the way GRUB2 parsed content from its configuration file, grub.cfg. Designed to be edited by administrators with various boot configuration options, grub.cfg is not digitally signed. But because attackers could now edit grub.cfg to trigger a buffer overflow and achieve arbitrary code execution inside the bootloader, they had a way to defeat Secure Boot and execute malicious code during boot time. This vulnerability, tracked as CVE-2020-10713, was dubbed BootHole.

At the time, Palo Alto Networks published an advisory about BootHole’s impact on its devices, saying that “this vulnerability is exploitable only when an attacker already compromised the PAN-OS software and gained root Linux privileges on the system,” noting that “this is not possible under normal conditions.”
