Need some ammo against Palo Alto Networks? This article is for you!

Risks:

Privilege Escalation, Misconfiguration, Supply Chain

Keywords:

Palo Alto Networks, firewall vulnerabilities, Secure Boot bypass, firmware exploits, PANdora's Box

CVE:

CVE-2020-10713; CVE-2022-24030; CVE-2021-33627; CVE-2021-42060; CVE-2021-42554; CVE-2021-43323; CVE-2021-45970; CVE-2023-1017

Affected:

Palo Alto Networks, PA-3260, PA-1410, PA-415

 

Palo Alto Firewalls Exposed to Critical Vulnerabilities

Recent security evaluations have discovered significant vulnerabilities in three firewall models produced by Palo Alto Networks. These vulnerabilities, collectively termed "PANdora's Box," have been identified in the firmware and security configurations of the affected devices, posing potential security risks.

Affected Models

The assessment covered three firewall appliances: PA-3260, PA-1410, and PA-415. Among these, the PA-3260 model has reached its end-of-sale status as of August 31, 2023, while the PA-1410 and PA-415 models are still actively supported.

Details of the Vulnerabilities

The identified vulnerabilities are not obscure but well-known issues that should not be present in such critical security devices. These flaws could allow attackers to bypass Secure Boot, a fundamental security feature, and modify the device firmware.

• CVE-2020-10713 (BootHole): This vulnerability allows for a Secure Boot bypass on Linux systems. It affects all three models: PA-3260, PA-1410, and PA-415.
• System Management Mode (SMM) Vulnerabilities: Affecting the PA-3260, these include CVE-2022-24030, CVE-2021-33627, CVE-2021-42060, CVE-2021-42554, CVE-2021-43323, and CVE-2021-45970. These issues relate to privilege escalation and Secure Boot bypass.
• LogoFAIL: Found in the PA-3260, this involves critical vulnerabilities in the UEFI code, leading to Secure Boot bypass and potential execution of malicious code.
• PixieFail: Affecting PA-1410 and PA-415, these vulnerabilities in the TCP/IP network protocol stack can result in code execution and information disclosure.
• Insecure Flash Access Control: This vulnerability in PA-415 allows attackers to modify UEFI directly, bypassing other security mechanisms.
• CVE-2023-1017: An out-of-bounds write vulnerability in the TPM 2.0 reference library specification, affecting PA-415.

Implications and Recommendations

These findings emphasize the critical need for secure and maintained protection devices, as even security appliances can become attack vectors if not properly safeguarded. Organizations are urged to enhance their supply chain security through comprehensive vendor assessments, regular firmware updates, and continuous monitoring of device integrity.

Palo Alto Networks has responded, stating that their Product Security Incident Response Team has evaluated these potential vulnerabilities. They assert that with up-to-date PAN-OS software and secured management interfaces deployed according to best practice guidelines, the exploitation scenarios do not exist under normal conditions. Palo Alto Networks is unaware of any malicious exploitation of these vulnerabilities and commits to providing further updates and guidance as necessary.

 

Read More

https://thehackernews.com/2025/01/palo-alto-firewalls-found-vulnerable-to.html?m=1