An exhaustive analysis of three firewall fashions from Palo Alto Networks has uncovered a number of identified safety flaws impacting the units’ firmware in addition to misconfigured safety features.
“These weren’t obscure, corner-case vulnerabilities,” safety vendor Eclypsium stated in a report shared with The Hacker Information.
“As an alternative these have been very well-known points that we would not anticipate to see even on a consumer-grade laptop computer. These points might enable attackers to evade even essentially the most primary integrity protections, equivalent to Safe Boot, and modify machine firmware if exploited.”
The corporate stated it analyzed three firewall home equipment from Palo Alto Networks, PA-3260, PA-1410, and PA-415, the primary of which formally reached end-of-sale on August 31, 2023. The opposite two fashions are totally supported firewall platforms.
The listing of recognized flaws, collectively named PANdora’s Field, is as follows –
- CVE-2020-10713 aka BootHole (Impacts PA-3260, PA-1410, and PA-415), refers to a buffer overflow vulnerability that enables for a Safe Boot bypass on Linux programs with the function enabled
- CVE-2022-24030, CVE-2021-33627, CVE-2021-42060, CVE-2021-42554, CVE-2021-43323, and CVE-2021-45970 (Impacts PA-3260), which refers to a set of System Administration Mode (SMM) vulnerabilities affecting Insyde Software program’s InsydeH2O UEFI firmware that would result in privilege escalation and Safe Boot bypass
- LogoFAIL (Impacts PA-3260), which refers to a set of crucial vulnerabilities found within the Unified Extensible Firmware Interface (UEFI) code that exploit flaws in picture parsing libraries embedded within the firmware to bypass Safe Boot and execute malicious code throughout system startup
- PixieFail (Impacts PA-1410 and PA-415), which refers to a set of vulnerabilities within the TCP/IP community protocol stack included within the UEFI reference implementation that would result in code execution and data disclosure
- Insecure flash entry management vulnerability (Impacts PA-415), which refers to a case of misconfigured SPI flash entry controls that would allow an attacker to switch UEFI straight and bypass different safety mechanisms
- CVE-2023-1017 (Impacts PA-415), which refers to an out-of-bounds write vulnerability within the Trusted Platform Module (TPM) 2.0 reference library specification
- Intel bootguard leaked keys bypass (Impacts PA-1410)
“These findings underscore a crucial fact: even units designed to guard can change into vectors for assault if not correctly secured and maintained,” Eclypsium stated. “As menace actors proceed to focus on safety home equipment, organizations should undertake a extra complete method to produce chain safety.”
“This consists of rigorous vendor assessments, common firmware updates, and steady machine integrity monitoring. By understanding and addressing these hidden vulnerabilities, organizations can higher defend their networks and knowledge from subtle assaults that exploit the very instruments meant to safeguard them.”
