Several vulnerabilities have been identified in firewalls made by Palo Alto Networks, which has acknowledged them and stated that fixes are in development, reports SecurityWeek.
Eclypsium, the enterprise firmware and hardware security firm that discovered the flaws, analyzed three firewall models (PA-3260, PA-1410, and PA-415) and reported that all were affected by the BootHole vulnerability, a GRUB2 bootloader flaw that could enable attackers to bypass Secure Boot and install persistent malware. Exploiting this issue requires elevated privileges, such as root Linux access on PAN-OS, which Palo Alto Networks emphasized limits its practical impact.
Eclypsium also linked the PA-3260 model to System Management Mode vulnerabilities in InsydeH2O UEFI firmware, which allow privilege escalation, malware installation, and configuration tampering. Additionally, the PA-3260 was found vulnerable to LogoFAIL attacks, though Palo Alto disputed this, stating its firewalls lack the conditions required for exploitation. The PA-3260 is no longer available for sale and is scheduled for end-of-life in 2028. Meanwhile, the PA-1410 and PA-415 devices were reported to be affected by PixieFail vulnerabilities, and the PA-415 was additionally reported to have misconfigured SPI flash access controls. Palo Alto denied exploitation risks, explaining that physical hardware tampering would be necessary and that BIOS-related vulnerabilities cannot directly compromise PAN-OS software.