Palo Alto Networks firewalls have UEFI flaws, Secure Boot bypasses

Palo Alto’s firewall device operating system, PAN-OS, is based on Red Hat Linux, which uses Grand Unified Bootloader version 2 (GRUB2). The company signs its GRUB2 bootloader and other components with its own certificates, which are stored in the UEFI certificate store to establish the chain of trust.
However, in 2020, researchers from Eclypsium found a critical buffer overflow vulnerability in the way GRUB2 parsed content from its configuration file, grub.cfg. Designed to be edited by administrators with various boot configuration options, grub.cfg is not digitally signed. But because attackers could now edit grub.cfg to trigger a buffer overflow and achieve arbitrary code execution inside the bootloader, they had a way to defeat Secure Boot and execute malicious code during boot time. This vulnerability, tracked as CVE-2020-10713, was dubbed BootHole.
At the time, Palo Alto Networks published an advisory about BootHole’s impact on its devices, saying that “this vulnerability is exploitable only when an attacker already compromised the PAN-OS software and gained root Linux privileges on the system,” noting that “this is not possible under normal conditions.”
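Because grub.cfg is unsigned, Secure Boot will not notice a change to it, and the advisory's precondition (an attacker who already has root) means a baseline stored on the same device can be rewritten too. The following is an added example, not code from the article, Eclypsium or Palo Alto Networks: it records a SHA-256 baseline of grub.cfg authenticated with an HMAC key that is assumed to be held off the device. The function names, the record layout and the `GRUB_BASELINE_KEY` variable are hypothetical.

```python
import hashlib
import hmac
import json
import os
import sys


def sha256_file(path):
    """Hex SHA-256 of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _tag(record, key):
    """HMAC-SHA256 over the path and hash fields of a baseline record."""
    body = json.dumps({k: record.get(k) for k in ("path", "sha256")},
                      sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_baseline(path, key):
    """Build a baseline record for a known-good grub.cfg (run on a trusted image)."""
    record = {"path": str(path), "sha256": sha256_file(path)}
    record["tag"] = _tag(record, key)
    return record


def verify(path, record, key):
    """Return 'ok', 'baseline-tampered' or 'modified'."""
    stored_tag = str(record.get("tag", "")).encode()
    if not hmac.compare_digest(_tag(record, key).encode(), stored_tag):
        return "baseline-tampered"  # record was edited without the key
    stored_hash = str(record.get("sha256", "")).encode()
    if not hmac.compare_digest(sha256_file(path).encode(), stored_hash):
        return "modified"           # grub.cfg differs from the known-good copy
    return "ok"


if __name__ == "__main__":
    # Usage: script.py /path/to/grub.cfg baseline.json
    # The key comes from a hypothetical environment variable set by the verifier.
    key = os.environ["GRUB_BASELINE_KEY"].encode()
    with open(sys.argv[2]) as fh:
        result = verify(sys.argv[1], json.load(fh), key)
    print(sys.argv[1], result)
    sys.exit(0 if result == "ok" else 1)
```

The check only means something when the key and the verification run live on a separate host that reads the file remotely, since code running on a rooted device can report any result.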