- Eclypse researchers find several bugs in several Palo Alto Networks firewalls
- They say that vulnerabilities are quite serious
- Palo Alto Networks says that if the operating system is up to date and the nominal security parameters, there is no risk
Security researchers criticized Palo Alto Networks firewalls, saying they have discovered serious vulnerabilities that undermine the entire product point.
ECLYPSIUM cybersecurity researchers have published a report detailing a multitude of security defects with an impact on the micrologetal of the Palo Alto Networks firewall as well as erroneous security features.
The company replied by saying that vulnerabilities were a section, that they are almost impossible to take advantage of the nature, and that they have not seen them abused anywhere.
Logofail, Pixiefail and other misfortunes
“They were not obscure and angle cases,” said the researchers. “Instead, these are very well -known problems that we do not expect to see even on a laptop of consumer quality. These problems could allow attackers to escape even the most basic integrity protections, such as Secure Boot, and modify the firmware of the device if it is used. “
Eclypisum said the faults had been found in PA-3260, PA-1410 and PA-415. The first reached the end of the sale in mid-2023, while the other two are still fully supported.
The bugs are followed under the name of CVE-2020-10713, CVE-2022-24030, CVE-2021-33627, CVE-2021-42060, CVE-2021-42554, CVE-2021-43323 and CVE-2021-45970, Logofail ,, Pixiefail, CVE-2023-1017, and the bristing of the Touches Disclée Intel Bootguard.
Once the news broke, The Hacker News contacted the company to comment. Palo Alto networks responded by saying that “the scenarios required for successful exploitation do not exist on up-to-date PAN-OS software in normal conditions with secure management interfaces deployed in accordance with the best practices guidelines.”
In other words, if the firewall operating system is up to date and secure management interfaces are properly deployed, there is no risk.
“Palo Alto Networks is not aware of any malicious exploitation of these problems. We maintain the quality and integrity of our technology, ”he added.
“Although the conditions necessary to exploit these vulnerabilities are not available for users or Pan-OS software administrators, we work with the third party supplier to develop all the attenuations that may be necessary. We will provide other updates and advice to affected customers as they are available. »»
