Palo Alto Networks’ firewall appliance operating system, PAN-OS, is based on Red Hat Linux and uses the Grand Unified Bootloader version 2 (GRUB2). The company signs its GRUB2 bootloader and other boot components with its own certificates, which are stored in the UEFI certificate store to establish the chain of trust.
However, in 2020, researchers from Eclypsium found a critical buffer overflow vulnerability in the way GRUB2 parsed the contents of its configuration file, grub.cfg. Because grub.cfg is designed to be edited by administrators to set various boot options, it is not digitally signed: Secure Boot verifies the signature on the bootloader binary, not on the configuration that binary goes on to parse. An attacker who could edit grub.cfg could therefore trigger the buffer overflow, achieve arbitrary code execution inside the signed bootloader, and so defeat Secure Boot and run malicious code at boot time. The vulnerability, tracked as CVE-2020-10713, was dubbed BootHole.
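The paragraph above describes the bug class rather than the exact GRUB2 code path, so the following is an added, deliberately simplified illustration written for this article; it is not GRUB2 source and not the real CVE-2020-10713 code. It models a signed parser reading one line of an unsigned config file: the vulnerable lexer copies a token into a fixed-size buffer without checking its size, so an oversized token in the config overwrites trusted state placed just after the buffer; the hardened lexer refuses any token that would not fit. The buffer size (`TOKEN_MAX`), the `secure_boot_enforced` field, the arena layout and the sample lines are all constructed for the example.

```c
/* Added illustration of the BootHole bug class: an unsigned config file
 * parsed by a signed bootloader, with an unbounded token copy.
 * Not GRUB2 code; the layout and names below are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOKEN_MAX 16   /* hypothetical fixed token buffer size */

/* Parser memory laid out as one arena so the overrun stays inside a single
 * object and can be observed deterministically. In a real bootloader the
 * neighbouring bytes would be whatever the compiler placed after the buffer. */
union parser_mem {
    struct {
        char     token[TOKEN_MAX];
        uint32_t secure_boot_enforced;  /* trusted state sitting just past the buffer */
    } s;
    unsigned char raw[64];
};

static int is_delim(char c)
{
    return c == '\0' || c == ' ' || c == '\t' || c == '\n';
}

/* Vulnerable: copies the token until a delimiter and never checks TOKEN_MAX.
 * The only bound is the arena size, present solely to keep the demo defined. */
int lex_token_vulnerable(union parser_mem *m, const char *line)
{
    int n = 0;
    while (!is_delim(line[n]) && n < (int)sizeof m->raw - 1) {
        m->raw[n] = (unsigned char)line[n];   /* runs past s.token into s.secure_boot_enforced */
        n++;
    }
    m->raw[n] = '\0';
    return n;
}

/* Hardened: measures the token first and refuses it if it would not fit,
 * writing nothing into the buffer on the error path. */
int lex_token_hardened(union parser_mem *m, const char *line)
{
    int n = 0;
    while (!is_delim(line[n])) {
        if (n >= TOKEN_MAX - 1)
            return -1;                        /* too long for the buffer: reject the line */
        n++;
    }
    memcpy(m->s.token, line, (size_t)n);
    m->s.token[n] = '\0';
    return n;
}

/* Parses one config line into a fresh arena with the trusted flag set to 1,
 * and returns the flag afterwards so both lexers can be compared.
 * *rc receives the lexer's return value (token length, or -1 on rejection). */
uint32_t parse_line(const char *line, int use_hardened, int *rc)
{
    union parser_mem m;
    memset(&m, 0, sizeof m);
    m.s.secure_boot_enforced = 1;
    *rc = use_hardened ? lex_token_hardened(&m, line)
                       : lex_token_vulnerable(&m, line);
    return m.s.secure_boot_enforced;
}

int main(void)
{
    /* Constructed sample lines: a benign grub.cfg-style line, and a crafted
     * one whose first token (24 bytes) is longer than the 16-byte buffer. */
    const char *benign  = "set timeout=5\n";
    const char *crafted = "AAAAAAAAAAAAAAAAAAAAAAAA rest\n";
    int rc;
    uint32_t flag;

    flag = parse_line(benign, 0, &rc);
    printf("vulnerable, benign : rc=%d flag=0x%08x\n", rc, flag);
    flag = parse_line(crafted, 0, &rc);
    printf("vulnerable, crafted: rc=%d flag=0x%08x\n", rc, flag);   /* flag clobbered with 'A's */
    flag = parse_line(crafted, 1, &rc);
    printf("hardened,   crafted: rc=%d flag=0x%08x\n", rc, flag);   /* rejected, flag intact */
    return 0;
}
```

The point the example makes is the one the paragraph makes: signing the bootloader proves who built it, not that it handles hostile input safely, so an unsigned file it parses is attacker-controlled input to trusted code. Fixing the class means bounding the copy in the parser (as the hardened lexer does) and, on real systems, shipping the fixed bootloader and revoking the vulnerable signed binaries so they can no longer be loaded.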
At the time, Palo Alto Networks published an advisory about BootHole’s impact on its devices, stating that “this vulnerability is only exploitable when an attacker has already compromised the PAN-OS software and gained root Linux privileges on the device,” and noting that “this is not possible under normal circumstances.”