An exhaustive analysis of three firewall fashions from Palo Alto Networks has uncovered a number of identified safety flaws impacting the units’ firmware in addition to misconfigured safety features.
“These weren’t obscure, corner-case vulnerabilities,” safety vendor Eclypsium stated in a report shared with The Hacker Information.
“As a substitute these had been very well-known points that we would not count on to see even on a consumer-grade laptop computer. These points might enable attackers to evade even probably the most fundamental integrity protections, reminiscent of Safe Boot, and modify gadget firmware if exploited.”
The corporate stated it analyzed three firewall home equipment from Palo Alto Networks, PA-3260, PA-1410, and PA-415, the primary of which formally reached end-of-sale on August 31, 2023. The opposite two fashions are absolutely supported firewall platforms.
The checklist of recognized flaws, collectively named PANdora’s Field, is as follows –
- CVE-2020-10713 aka BootHole (Impacts PA-3260, PA-1410, and PA-415), refers to a buffer overflow vulnerability that enables for a Safe Boot bypass on Linux techniques with the function enabled
- CVE-2022-24030, CVE-2021-33627, CVE-2021-42060, CVE-2021-42554, CVE-2021-43323, and CVE-2021-45970 (Impacts PA-3260), which refers to a set of System Administration Mode (SMM) vulnerabilities affecting Insyde Software program’s InsydeH2O UEFI firmware that might result in privilege escalation and Safe Boot bypass
- LogoFAIL (Impacts PA-3260), which refers to a set of crucial vulnerabilities found within the Unified Extensible Firmware Interface (UEFI) code that exploit flaws in picture parsing libraries embedded within the firmware to bypass Safe Boot and execute malicious code throughout system startup
- PixieFail (Impacts PA-1410 and PA-415), which refers to a set of vulnerabilities within the TCP/IP community protocol stack integrated within the UEFI reference implementation that might result in code execution and data disclosure
- Insecure flash entry management vulnerability (Impacts PA-415), which refers to a case of misconfigured SPI flash entry controls that might allow an attacker to change UEFI instantly and bypass different safety mechanisms
- CVE-2023-1017 (Impacts PA-415), which refers to an out-of-bounds write vulnerability within the Trusted Platform Module (TPM) 2.0 reference library specification
- Intel bootguard leaked keys bypass (Impacts PA-1410)
“These findings underscore a crucial fact: even units designed to guard can turn out to be vectors for assault if not correctly secured and maintained,” Eclypsium stated. “As menace actors proceed to focus on safety home equipment, organizations should undertake a extra complete method to provide chain safety.”
“This consists of rigorous vendor assessments, common firmware updates, and steady gadget integrity monitoring. By understanding and addressing these hidden vulnerabilities, organizations can higher shield their networks and knowledge from refined assaults that exploit the very instruments meant to safeguard them.”