Palo Alto Networks firewalls have UEFI flaws, Secure Boot bypasses

Palo Alto’s firewall device operating system, PAN-OS, is based on Red Hat Linux, which uses Grand Unified Bootloader version 2 (GRUB2). The company signs its GRUB2 bootloader and other components with its own certificates, which are stored in the UEFI certificate store to establish the chain of trust.
However, in 2020, researchers from Eclypsium found a critical buffer overflow vulnerability in the way GRUB2 parsed content from its configuration file, grub.cfg. Designed to be edited by administrators with various boot configuration options, grub.cfg is not digitally signed. But because attackers could now edit grub.cfg to trigger a buffer overflow and achieve arbitrary code execution inside the bootloader, they had a way to defeat Secure Boot and execute malicious code during boot time. This vulnerability, tracked as CVE-2020-10713, was dubbed BootHole.
At the time, Palo Alto Networks published an advisory about BootHole’s impact on its devices, saying that “this vulnerability is exploitable only when an attacker already compromised the PAN-OS software and gained root Linux privileges on the system,” noting that “this is not possible under normal conditions.”