Conversation

Notices

1. Embed this notice
   screaminggoat (screaminggoat@infosec.exchange)'s status on Friday, 24-Jan-2025 09:52:12 JST screaminggoat

   Eclysium: PANdora's Box: Vulnerabilities Found in NGFW
   Eclysium evaluated three Palo Alto Networks appliances, finding known vulnerabilities ranging from "Boothole" (buffer overflow to RCE) and secure boot bypass to LogoFail, PixieFail, leaked keys bypass, etc. Elypsium provides a timeline with the most recent update requesting that they wait for a patch before going public with the details, but no estimated time of patch release.

   #paloaltonetworks #panos #pixiefail #logofail #boothole #secureboot #panw #infosec #vulnerability #cve #cybersecurity

   • Kevin Beaumont repeated this.
   • Embed this notice
     screaminggoat (screaminggoat@infosec.exchange)'s status on Friday, 24-Jan-2025 09:52:12 JST screaminggoat

     in reply to

     Palo Alto Networks PAN-SA-2025-0003 Informational: PAN-OS BIOS and Bootloader Security Bulletin
     See parent toot above. Palo Alto Networks is in damage control mode, after Eclypsium reported that their Next Generation Firewall (NGFW) products were still impacted by multiple known vulnerabilities.

     Palo Alto Networks is aware of claims of multiple vulnerabilities in hardware device firmware and bootloaders included in our PA-Series (hardware) firewalls.
     Palo Alto Networks is not aware of any malicious exploitation of these issues in our products. We are aware of a blog post discussing these issues.

     #paloaltonetworks #panw #vulnerability #cve #infosec #cybersecurity #eclypsium