An in-depth assessment of three firewall models from Palo Alto Networks has revealed numerous security vulnerabilities related to their firmware and security configurations. According to security firm Eclypsium, these flaws are not obscure; rather, they are well-known issues that one would not expect to encounter in devices designed for protecting networks.

The examination focused on the PA-3260, PA-1410, and PA-415 firewall appliances. Of these, the PA-3260 is no longer available for sale, while the other two models continue to receive support.

The identified vulnerabilities, collectively dubbed PANdora’s Box, include:

  • CVE-2020-10713 (BootHole): This buffer overflow vulnerability affects all three models and permits bypassing Secure Boot on Linux systems.
  • CVE-2022-24030, CVE-2021-33627, CVE-2021-42060, CVE-2021-42554, CVE-2021-43323, and CVE-2021-45970: Specific to the PA-3260, these vulnerabilities pertain to the InsydeH2O UEFI firmware, which may allow privilege escalation and Secure Boot evasion.
  • LogoFAIL: This set of vulnerabilities impacts the PA-3260, exposing firmware flaws that could enable malicious code execution during startup.
  • PixieFail: Affecting the PA-1410 and PA-415 models, these vulnerabilities in the TCP/IP stack could lead to unauthorized code execution and information leaks.
  • Misconfigured SPI flash access control: This vulnerability, found in the PA-415, may allow attackers to modify UEFI directly, circumventing other security measures.
  • CVE-2023-1017: In the PA-415, this out-of-bounds write vulnerability affects the Trusted Platform Module (TPM) library.
  • Intel Boot Guard leaked keys bypass: A vulnerability impacting the PA-1410.

Eclypsium emphasized that these findings highlight a troubling reality: devices meant to protect against threats can themselves be vulnerable if not properly secured. Organizations must take proactive measures in supply chain security, including thorough vendor assessments, routine firmware updates, and ongoing monitoring of device integrity. By addressing these hidden vulnerabilities, companies can enhance the protection of their networks and sensitive data against sophisticated attacks leveraging flaws in security appliances.

