
Source: Eclypsium
Eclypsium researchers have uncovered multiple critical vulnerabilities in several Palo Alto Networks (PAN) next-generation firewalls (NGFWs). This report exposes a range of security flaws in widely deployed models such as the PA-3260, PA-1410, and PA-415.
The investigation revealed “commodity hardware, vulnerable software and firmware, and missing security features” in devices marketed for their high-security standards. Eclypsium researchers pointed out, “These weren’t obscure, corner-case vulnerabilities. Instead these were very well-known issues that we wouldn’t expect to see even on a consumer-grade laptop.”
One of the most concerning issues is the failure of Secure Boot, a critical mechanism meant to ensure the integrity of the boot process. Exploits like BootHole (CVE-2020-10713) allow attackers to bypass Secure Boot protections and execute arbitrary code. Even with Secure Boot enabled, attackers could use this vulnerability to circumvent its protections and install persistent bootkits and malicious bootloaders.
Key findings from the report include:
- BootHole Vulnerability: Exploited in all three models (PA-3260, PA-1410, and PA-415), allowing attackers to bypass Secure Boot protections by exploiting outdated configurations in GRUB2.
- PixieFail UEFI Vulnerability: Present in the PA-415 and PA-1410 models, this flaw enables remote code execution during the network boot process, provided the attacker is on the same network.
- Insecure Flash Access Control: Found in the PA-415, allowing attackers to modify UEFI firmware directly, bypassing other security measures.
- Intel BootGuard Bypass: Identified in the PA-1410, where leaked cryptographic keys undermine the system’s ability to validate boot integrity.
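Secure Boot only blocks a known-bad bootloader such as a BootHole-vulnerable GRUB2 if that component's hash or signing certificate has been placed in the firmware's forbidden-signature database (dbx). The following added example, written for this summary and not taken from Eclypsium's report or any Palo Alto Networks code, shows how that revocation check works: it parses the EFI_SIGNATURE_LIST layout that the dbx variable uses and tests whether a bootloader's SHA-256 hash is revoked. The sample dbx blob and the two "bootloader" byte strings are constructed inline; for simplicity the example hashes raw bytes, whereas firmware hashes the PE Authenticode digest of an image, so a real check would feed a tool-computed Authenticode digest into `is_revoked_digest` instead.

```python
import struct
import uuid
import hashlib

# EFI_CERT_SHA256_GUID: the SignatureType used for SHA-256 hash entries in db/dbx.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
SIG_LIST_HEADER_SIZE = 28          # SignatureType (16) + three UINT32 fields
SHA256_ENTRY_SIZE = 16 + 32        # SignatureOwner GUID + 32-byte hash


def parse_signature_lists(blob: bytes):
    """Walk a concatenation of EFI_SIGNATURE_LIST structures (the body of a
    db/dbx variable) and yield (signature_type, owner_guid, signature_data)
    for each entry. Malformed sizes raise ValueError rather than being skipped."""
    off = 0
    while off < len(blob):
        if len(blob) - off < SIG_LIST_HEADER_SIZE:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < SIG_LIST_HEADER_SIZE + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        if sig_size < 16:
            raise ValueError("bad SignatureSize")
        body_start = off + SIG_LIST_HEADER_SIZE + hdr_size
        body_end = off + list_size
        if (body_end - body_start) % sig_size != 0:
            raise ValueError("list body is not a multiple of SignatureSize")
        for e in range(body_start, body_end, sig_size):
            owner = uuid.UUID(bytes_le=blob[e:e + 16])
            yield sig_type, owner, blob[e + 16:e + sig_size]
        off = body_end


def revoked_sha256_digests(dbx_blob: bytes) -> set:
    """Collect every SHA-256 hash entry from a dbx blob."""
    return {data for t, _, data in parse_signature_lists(dbx_blob)
            if t == EFI_CERT_SHA256_GUID and len(data) == 32}


def is_revoked_digest(digest: bytes, dbx_blob: bytes) -> bool:
    """True if the given 32-byte digest appears in dbx."""
    return digest in revoked_sha256_digests(dbx_blob)


def is_revoked(image: bytes, dbx_blob: bytes) -> bool:
    """Convenience wrapper that hashes raw bytes. Real firmware uses the PE
    Authenticode digest, so for actual bootloaders pass that digest to
    is_revoked_digest instead."""
    return is_revoked_digest(hashlib.sha256(image).digest(), dbx_blob)


def build_sha256_list(hashes, owner=uuid.UUID(int=0)) -> bytes:
    """Build one EFI_SIGNATURE_LIST of SHA-256 entries. Used here only to
    construct sample input; real dbx updates are signed by the platform vendor."""
    entries = b"".join(owner.bytes_le + h for h in hashes)
    list_size = SIG_LIST_HEADER_SIZE + len(entries)
    return (EFI_CERT_SHA256_GUID.bytes_le
            + struct.pack("<III", list_size, 0, SHA256_ENTRY_SIZE)
            + entries)


# Constructed sample data (not real bootloader images or a real dbx).
OLD_BOOTLOADER = b"constructed-sample: outdated grub2 build"
NEW_BOOTLOADER = b"constructed-sample: patched grub2 build"
SAMPLE_DBX = build_sha256_list([hashlib.sha256(OLD_BOOTLOADER).digest()])

if __name__ == "__main__":
    print("old bootloader revoked:", is_revoked(OLD_BOOTLOADER, SAMPLE_DBX))
    print("new bootloader revoked:", is_revoked(NEW_BOOTLOADER, SAMPLE_DBX))
```

On a Linux host the real dbx body is readable from the efivarfs variable for dbx (after skipping its 4-byte attribute prefix), and the same parser applies; the practical point for appliance owners is that a vendor's Secure Boot configuration is only as strong as the revocation list it ships, which is exactly the gap BootHole exposes when GRUB2 components stay unrevoked.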
These vulnerabilities demonstrate systemic gaps in supply chain security and device integrity across PAN appliances. “The security landscape for network appliances is far more complex and vulnerable than many organizations realize,” the researchers noted, stressing that such weaknesses turn defensive tools into potential attack vectors.
The implications are severe. With these flaws, attackers could bypass security measures, implant persistent malware, and even gain control over the entire network. The report highlights the irony: “Security appliances, ironically, are often very poor regarding their own supply chain security and device integrity.”
Palo Alto Networks has been informed of these vulnerabilities. Organizations must act swiftly to secure these critical infrastructure components before attackers can exploit the uncovered vulnerabilities.