Monday, March 10, 2025

Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits


An exhaustive analysis of three firewall models from Palo Alto Networks has uncovered a number of known security flaws impacting the devices' firmware, as well as misconfigured security features.

“These were not obscure, corner-case vulnerabilities,” security vendor Eclypsium said in a report shared with The Hacker News.

“Instead, these were very well-known issues that we would not expect to see even on a consumer-grade laptop. These issues could allow attackers to evade even the most basic integrity protections, such as Secure Boot, and modify device firmware if exploited.”

The company said it analyzed three firewall appliances from Palo Alto Networks, PA-3260, PA-1410, and PA-415, the first of which officially reached end-of-sale on August 31, 2023. The other two models are fully supported firewall platforms.


The list of identified flaws, collectively named PANdora's Box, is as follows:

  • CVE-2020-10713 aka BootHole (Affects PA-3260, PA-1410, and PA-415), which refers to a buffer overflow vulnerability that allows for a Secure Boot bypass on Linux systems with the feature enabled
  • CVE-2022-24030, CVE-2021-33627, CVE-2021-42060, CVE-2021-42554, CVE-2021-43323, and CVE-2021-45970 (Affects PA-3260), which refers to a set of System Management Mode (SMM) vulnerabilities affecting Insyde Software's InsydeH2O UEFI firmware that could lead to privilege escalation and Secure Boot bypass
  • LogoFAIL (Affects PA-3260), which refers to a set of critical vulnerabilities discovered in the Unified Extensible Firmware Interface (UEFI) code that exploit flaws in image parsing libraries embedded in the firmware to bypass Secure Boot and execute malicious code during system startup
  • PixieFail (Affects PA-1410 and PA-415), which refers to a set of vulnerabilities in the TCP/IP network protocol stack incorporated in the UEFI reference implementation that could lead to code execution and information disclosure
  • Insecure flash access control vulnerability (Affects PA-415), which refers to a case of misconfigured SPI flash access controls that could permit an attacker to modify UEFI directly and bypass other security mechanisms
  • CVE-2023-1017 (Affects PA-415), which refers to an out-of-bounds write vulnerability in the Trusted Platform Module (TPM) 2.0 reference library specification
  • Intel bootguard leaked keys bypass (Affects PA-1410)

“These findings underscore a critical truth: even devices designed to protect can become vectors for attack if not properly secured and maintained,” Eclypsium said. “As threat actors continue to target security appliances, organizations must adopt a more comprehensive approach to supply chain security.”


“This includes rigorous vendor assessments, regular firmware updates, and continuous device integrity monitoring. By understanding and addressing these hidden vulnerabilities, organizations can better protect their networks and data from sophisticated attacks that exploit the very tools meant to safeguard them.”
