An exhaustive analysis of three firewall fashions from Palo Alto Networks has uncovered a number of recognized safety flaws impacting the gadgets’ firmware in addition to misconfigured safety features.
“These weren’t obscure, corner-case vulnerabilities,” safety vendor Eclypsium mentioned in a report shared with The Hacker Information.
“Instead these were very well-known issues that we wouldn’t expect to see even on a consumer-grade laptop. These issues could allow attackers to evade even the most basic integrity protections, such as Secure Boot, and modify device firmware if exploited.”
The corporate mentioned it analyzed three firewall home equipment from Palo Alto Networks, PA-3260, PA-1410, and PA-415, the primary of which formally reached end-of-sale on August 31, 2023. The opposite two fashions are totally supported firewall platforms.
The record of recognized flaws, collectively named PANdora’s Field, is as follows –
- CVE-2020-10713 aka BootHole (Impacts PA-3260, PA-1410, and PA-415), refers to a buffer overflow vulnerability that enables for a Safe Boot bypass on Linux programs with the characteristic enabled
- CVE-2022-24030, CVE-2021-33627, CVE-2021-42060, CVE-2021-42554, CVE-2021-43323, and CVE-2021-45970 (Impacts PA-3260), which refers to a set of System Administration Mode (SMM) vulnerabilities affecting Insyde Software program’s InsydeH2O UEFI firmware that might result in privilege escalation and Safe Boot bypass
- LogoFAIL (Impacts PA-3260), which refers to a set of crucial vulnerabilities found within the Unified Extensible Firmware Interface (UEFI) code that exploit flaws in picture parsing libraries embedded within the firmware to bypass Safe Boot and execute malicious code throughout system startup
- PixieFail (Impacts PA-1410 and PA-415), which refers to a set of vulnerabilities within the TCP/IP community protocol stack included within the UEFI reference implementation that might result in code execution and data disclosure
- Insecure flash entry management vulnerability (Impacts PA-415), which refers to a case of misconfigured SPI flash entry controls that might allow an attacker to switch UEFI instantly and bypass different safety mechanisms
- CVE-2023-1017 (Impacts PA-415), which refers to an out-of-bounds write vulnerability within the Trusted Platform Module (TPM) 2.0 reference library specification
- Intel bootguard leaked keys bypass (Impacts PA-1410)
“These findings underscore a critical truth: even devices designed to protect can become vectors for attack if not properly secured and maintained,” Eclypsium mentioned. “As threat actors continue to target security appliances, organizations must adopt a more comprehensive approach to supply chain security.”
“This includes rigorous vendor assessments, regular firmware updates, and continuous device integrity monitoring. By understanding and addressing these hidden vulnerabilities, organizations can better protect their networks and data from sophisticated attacks that exploit the very tools meant to safeguard them.”
