Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls

Enterprise firmware and hardware security company Eclypsium has discovered that several firewalls from Palo Alto Networks are impacted by known BIOS and bootloader vulnerabilities.

Palo Alto Networks has addressed the claims, saying that it’s working on patches for some flaws, but pointed out that most of the security holes are either not easy to exploit or they don’t actually affect its products.

Eclypsium acquired three Palo Alto Networks appliances: PA-3260 (no longer sold, with EOL scheduled for 2028), PA-1410, and PA-415.

An analysis of the three firewalls revealed that they are all affected by BootHole, a GRUB2 bootloader vulnerability that can be exploited to install persistent and stealthy malware.

This flaw impacts billions of devices and enables an attacker to bypass the Secure Boot mechanism, but exploiting it requires elevated privileges.

In the case of Palo Alto Networks devices — as the vendor pointed out in 2020 when BootHole ...