Palo Alto firewalls reportedly carry serious vulnerabilities.
The company, however, disagrees.
Security researchers from Eclypsium have identified several vulnerabilities in different Palo Alto Networks firewalls, describing them as severe and as undermining the effectiveness of these products. In their report, the researchers detailed a series of security flaws in the firewalls' firmware and noted configuration issues in security features.
Palo Alto Networks' response to these claims was that the highlighted vulnerabilities are exaggerated and would be nearly impossible to exploit in real-world environments. Additionally, they indicated that they have not observed any malicious use of these flaws.
The researchers stressed that these vulnerabilities are not rare or marginal cases. "Instead, they are known issues that we would not expect to find even in a personal computer," they pointed out. They warned that, if exploited, these vulnerabilities could allow attackers to bypass basic integrity protections such as Secure Boot and modify the device's firmware.
The flaws were detected in specific models: PA-3260, PA-1410, and PA-415. The PA-3260 model was discontinued in mid-2023, while the other two are still supported. The vulnerabilities are registered under various CVE classifications, including CVE-2020-10713, CVE-2022-24030, CVE-2021-33627, among others.
After the news was published, Palo Alto Networks was asked to elaborate on its position. The company reaffirmed that “the scenarios required for a successful exploitation do not exist in the updated PAN-OS software under normal conditions with secure management interfaces implemented according to best practices.” In other words: if the firewall's operating system is up to date and the management interfaces are properly secured, there should be no risk.
Palo Alto Networks also clarified that it is not aware of any malicious exploitation of these vulnerabilities and reiterated its confidence in the quality and integrity of its technology. The company added that it is collaborating with an external provider to develop possible mitigations and promised to keep affected customers informed of relevant updates and guidance.