01-23-2025 02:32 PM
Anyone else seen this article from HackerNews? Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits. I'm being told these are all old vulnerabilities and I shouldn't worry my pretty little head about them. We've a couple of new 1410s on order and I'm wondering what, if anything, I need to do to ensure that I really don't need to worry. Thoughts?
01-27-2025 12:18 PM
Hello,
I went down the rabbit hole on this one and here is what I found:
So if you are good on both points, you're safe.
Regards,
01-23-2025 03:05 PM
I would wait to see if PAN actually publishes a security advisory regarding these findings, but the actual report details a lot of where these would stand. I'm personally not a fan of how Eclypsium handled their disclosure, with a significant amount of the time between today and initial disclosure being the holiday period.
Looking through the vulnerabilities reported none of them at first glance appear to be exploitable by themselves. The vast majority rely on a more complex attack chain where the known exploits have all been patched, or they require physical access to the device to exploit unnoticed.
Looking solely at those that affect the 1410 as an example:
CVE-2020-10713
As PAN noted at the time, you don't regularly have access to modify core system files. This (under normal circumstances) requires that you have access to generate one-time root access via TAC. Vulnerabilities to gain root-level access to system files do exist, but they are patched in the latest releases. It's not that there's no impact, but the vulnerability relies on a chain to properly exploit; Eclypsium utilized known-vulnerable builds to exploit this issue.
PixieFail
My understanding is that you would need to boot into the PXE environment to exploit this. That would be a severely abnormal condition to have your firewall in.
Intel BootGuard
I've personally not seen any confirmation that the leak that exposed these keys actually impacts every Intel product that some claim it does. It very well could actually include Intel keys themselves, but I've never seen direct confirmation that this is the case. I've seen a lot of people parrot the original report without any confirmation one way or the other.
01-24-2025 12:07 AM
Palo Alto published regarding PANdora's box.
PAN-SA-2025-0003 Informational: PAN-OS BIOS and Bootloader Security Bulletin
Yeah we too ordered a few 1410 models recently