
Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits


Jan 23, 2025 | Ravie Lakshmanan | Firmware Security / Vulnerability


An exhaustive analysis of three firewall models from Palo Alto Networks has uncovered a number of known security flaws impacting the devices' firmware, as well as misconfigured security features.

“These weren’t obscure, corner-case vulnerabilities,” security vendor Eclypsium said in a report shared with The Hacker News.

“Instead these were very well-known issues that we wouldn’t expect to see even on a consumer-grade laptop. These issues could allow attackers to evade even the most basic integrity protections, such as Secure Boot, and modify device firmware if exploited.”

The company said it analyzed three firewall appliances from Palo Alto Networks, PA-3260, PA-1410, and PA-415, the first of which officially reached end-of-sale on August 31, 2023. The other two models are fully supported firewall platforms.


The list of identified flaws, collectively named PANdora’s Box, is as follows:

  • CVE-2020-10713 aka BootHole (Affects PA-3260, PA-1410, and PA-415), which refers to a buffer overflow vulnerability that allows for a Secure Boot bypass on Linux systems with the feature enabled
  • CVE-2022-24030, CVE-2021-33627, CVE-2021-42060, CVE-2021-42554, CVE-2021-43323, and CVE-2021-45970 (Affects PA-3260), which refers to a set of System Management Mode (SMM) vulnerabilities affecting Insyde Software’s InsydeH2O UEFI firmware that could lead to privilege escalation and Secure Boot bypass
  • LogoFAIL (Affects PA-3260), which refers to a set of critical vulnerabilities discovered in the Unified Extensible Firmware Interface (UEFI) code that exploit flaws in image parsing libraries embedded in the firmware to bypass Secure Boot and execute malicious code during system startup
  • PixieFail (Affects PA-1410 and PA-415), which refers to a set of vulnerabilities in the TCP/IP network protocol stack included in the UEFI reference implementation that could lead to code execution and information disclosure
  • Insecure flash access control vulnerability (Affects PA-415), which refers to a case of misconfigured SPI flash access controls that could allow an attacker to modify UEFI directly and bypass other security mechanisms
  • CVE-2023-1017 (Affects PA-415), which refers to an out-of-bounds write vulnerability in the Trusted Platform Module (TPM) 2.0 reference library specification
  • Intel BootGuard leaked keys bypass (Affects PA-1410)

“These findings underscore a critical truth: even devices designed to protect can become vectors for attack if not properly secured and maintained,” Eclypsium said. “As threat actors continue to target security appliances, organizations must adopt a more comprehensive approach to supply chain security.”

“This includes rigorous vendor assessments, regular firmware updates, and continuous device integrity monitoring. By understanding and addressing these hidden vulnerabilities, organizations can better protect their networks and data from sophisticated attacks that exploit the very tools meant to safeguard them.”
