
A comprehensive security assessment has revealed multiple vulnerabilities in three Palo Alto Networks firewall models: PA-3260, PA-1410, and PA-415. Security firm Eclypsium identified several well-known security issues that could be used to compromise device firmware and bypass basic security protections.
Key Vulnerabilities Identified (PANdora’s Box):
1. BootHole (CVE-2020-10713)
– Affects all three models
– Buffer overflow vulnerability enabling Secure Boot bypass
2. InsydeH2O UEFI Firmware Vulnerabilities
– Affects PA-3260
– Multiple SMM vulnerabilities potentially leading to privilege escalation
3. LogoFAIL
– Affects PA-3260
– UEFI code vulnerabilities allowing malicious code execution during startup
4. PixieFail
– Affects PA-1410 and PA-415
– TCP/IP stack vulnerabilities enabling code execution
5. Additional Security Issues
– Insecure flash access control (PA-415)
– TPM 2.0 vulnerability (PA-415)
– Intel Boot Guard leaked-keys bypass (PA-1410)
Palo Alto Networks’ Response:
The company stated that successful exploitation requires:
– Prior compromise of PAN-OS software
– Elevated privileges
– Access to BIOS firmware
The company emphasized that up-to-date PAN-OS software with secured management interfaces significantly mitigates these risks. It is working with third-party vendors on firmware updates, particularly for the InsydeH2O UEFI firmware vulnerabilities affecting specific model series.
No known malicious exploitation has been reported, and Palo Alto Networks recommends customers upgrade to the latest supported versions for enhanced security.