Researchers found that Palo Alto Networks appliances they had purchased contained vulnerabilities in both software and hardware. The American multinational cybersecurity company, which offers a wide range of firewalls and cloud products, was found not to be maintaining basic protective measures.
Eclypsium, a platform that scans hardware, firmware, and software components across the IT infrastructure, reported that of the three Palo Alto Networks appliances tested, one had reached end-of-sale on August 31, 2023, and is scheduled for end-of-life on August 31, 2028.
They inspected the Palo Alto Networks Enterprise Firewall PA-3260, marketed as the world's first ML-powered next-generation product, along with the PA-1410 and the PA-415.
They found several vulnerabilities in the software versions used on the devices, including InsydeH2O from Insyde Software. They were:
These vulnerabilities could allow privilege escalation, memory corruption, and arbitrary code execution.
“Even if the device was configured with Secure Boot enabled (and configured properly) and the GRUB bootloader was updated to patch the BootHole vulnerabilities, attackers with high privileges on the system could exploit the vulnerabilities listed above to bypass Secure Boot and various other security protections and implant malware early in the boot process,” researchers argued.
Beyond bypassing security mechanisms, these gaps could expose data to attackers. By exploiting the insecure flash access control vulnerability in the PA-415, attackers could modify the UEFI firmware.
BootHole (CVE-2020-10713), which affects all three tested appliances, could allow a Secure Boot bypass on Linux systems. Threat actors could launch malware and gain access even to the protected environment.
Responding to the research, Palo Alto Networks said that its Security Incident Response Team had evaluated the vulnerabilities.
"It determined that the scenarios required for successful exploitation do not exist on up-to-date PAN-OS software under normal conditions with secured management interfaces deployed according to best practice guidelines," they further added.
The company said it had found no instance of the vulnerabilities being exploited and that it was working with its third-party vendor to mitigate any issues.
The risk posed to clients and their data, even after they have opted for some of the most highly regarded cybersecurity tools and appliances, is concerning. These findings point to the need for greater attention to detail and consistent work on issues that may seem routine.