Palo Alto Networks firewalls have UEFI flaws, Secure Boot bypasses

Palo Alto’s firewall device operating system, PAN-OS, is based on Red Hat Linux, which uses Grand Unified Bootloader version 2 (GRUB2). The company signs its GRUB2 bootloader and other components with its own certificates, which are stored in the UEFI certificate store to establish the chain of trust.
However, in 2020, researchers from Eclypsium found a critical buffer overflow vulnerability in the way GRUB2 parsed content from its configuration file, grub.cfg. Designed to be edited by administrators with various boot configuration options, grub.cfg is not digitally signed. But because attackers could now edit grub.cfg to trigger a buffer overflow and achieve arbitrary code execution inside the bootloader, they had a way to defeat Secure Boot and execute malicious code during boot time. This vulnerability, tracked as CVE-2020-10713, was dubbed BootHole.
At the time, Palo Alto Networks published an advisory about BootHole’s impact on its devices, saying that “this vulnerability is exploitable only when an attacker already compromised the PAN-OS software and gained root Linux privileges on the system,” noting that “this is not possible under normal conditions.”
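
Because grub.cfg carries no signature, Secure Boot does not notice an edit to it, so one defensive check is to compare the file against an approved baseline kept off the device. The following is an added example, not code from the article, Eclypsium or Palo Alto Networks; the function names and the sample configuration are constructed for illustration.

```python
import difflib
import hashlib

# Constructed sample: the approved grub.cfg, captured at provisioning time.
BASELINE_CFG = b"""set default=0
set timeout=5
menuentry 'Appliance OS' {
    linux /vmlinuz root=/dev/sda2 ro
    initrd /initramfs.img
}
"""
# Constructed sample: the same file as later collected, with one line edited.
COLLECTED_CFG = BASELINE_CFG.replace(b"timeout=5", b"timeout=30")

def record_baseline(cfg: bytes) -> dict:
    """Store the digest and the lines of the approved file (keep this off-device)."""
    return {"sha256": hashlib.sha256(cfg).hexdigest(),
            "lines": cfg.decode("utf-8", "replace").splitlines()}

def check_grub_cfg(cfg: bytes, baseline: dict) -> dict:
    """Report whether cfg differs from the baseline and which lines changed."""
    digest = hashlib.sha256(cfg).hexdigest()
    if digest == baseline["sha256"]:
        return {"modified": False, "sha256": digest, "changes": []}
    old, new = baseline["lines"], cfg.decode("utf-8", "replace").splitlines()
    changes = []
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            continue
        changes += [f"-{i1 + k + 1}: {line}" for k, line in enumerate(old[i1:i2])]
        changes += [f"+{j1 + k + 1}: {line}" for k, line in enumerate(new[j1:j2])]
    if not changes:
        # Digest differs but every line matches: line endings or trailing bytes.
        changes.append("byte-level change only (line endings or trailing bytes)")
    return {"modified": True, "sha256": digest, "changes": changes}

if __name__ == "__main__":
    result = check_grub_cfg(COLLECTED_CFG, record_baseline(BASELINE_CFG))
    print("modified:", result["modified"])
    for change in result["changes"]:
        print(" ", change)
```

Since the advisory's precondition is root access on the system, a check run on the device itself could be altered by the same attacker; the comparison is meaningful only when the baseline and the checker live on a separate host.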