Palo Alto Networks' firewall operating system, PAN-OS, is based on Red Hat Linux, which uses the Grand Unified Bootloader version 2 (GRUB2). The company signs its GRUB2 bootloader and other boot components with its own certificates, which are stored in the UEFI certificate store (the Secure Boot signature database) so that the firmware can verify each stage and establish the chain of trust. That chain only covers what is actually signed and checked.
However, in 2020, researchers from Eclypsium found a critical buffer overflow vulnerability in the way GRUB2 parsed the contents of its configuration file, grub.cfg. Because grub.cfg is designed to be edited by administrators to set boot options, it is not digitally signed, so Secure Boot never verifies it. An attacker who could write to grub.cfg could therefore plant malformed content that triggered the overflow and achieved arbitrary code execution inside the bootloader, which gave them a way to defeat Secure Boot and run malicious code at boot time, before the operating system's own protections were loaded. The catch is that writing to grub.cfg requires write access to the boot partition, which on a typical system means root privileges. The vulnerability, tracked as CVE-2020-10713, was dubbed BootHole. Because the signed GRUB2 binaries themselves were the vulnerable component, fixing it meant not only shipping patched and re-signed bootloaders but also revoking the old ones (through the UEFI forbidden-signature database, dbx); otherwise an attacker could simply boot the older, still-trusted binary.
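To make the bug class concrete, here is an added example that is not GRUB2's code, Eclypsium's proof of concept, or anything from PAN-OS: a toy key=value parser for an unsigned configuration file in the style of a grub.cfg line. The unchecked variant copies a value into a fixed-size token buffer for as many bytes as the file supplies, which is the pattern behind BootHole; the checked variant rejects values that do not fit. The function names, the 32-byte token size, the guard word and the sample lines are all assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TOKEN_MAX   32          /* size of the parser's fixed token buffer (assumed) */
#define REGION_SIZE 128         /* token buffer plus whatever follows it in memory */
#define GUARD_OFF   TOKEN_MAX   /* a value the parser relies on sits right after it */
#define GUARD_OK    0xC0FFEE00u /* guard word standing in for a saved pointer */

/* Locate the value after "key=" at the start of a config line, else NULL. */
static const char *value_of(const char *line, const char *key)
{
    size_t klen = strlen(key);
    if (strncmp(line, key, klen) != 0 || line[klen] != '=')
        return NULL;
    return line + klen + 1;
}

/* Vulnerable pattern: copy the value for as long as the unsigned file says it is.
 * Returns -1 if the key is absent, 0 otherwise. */
int parse_value_unchecked(unsigned char *token, const char *line, const char *key)
{
    const char *val = value_of(line, key);
    if (!val)
        return -1;
    memcpy(token, val, strlen(val) + 1);   /* no bound: overruns TOKEN_MAX */
    return 0;
}

/* Hardened: refuse any value that will not fit together with its terminator.
 * Rejecting beats silent truncation, which can change what the line means.
 * Returns -1 if the key is absent, -2 if the value is too long, 0 on success. */
int parse_value_checked(unsigned char *token, const char *line, const char *key)
{
    const char *val = value_of(line, key);
    if (!val)
        return -1;
    size_t len = strlen(val);
    if (len >= TOKEN_MAX)
        return -2;
    memcpy(token, val, len + 1);
    return 0;
}

typedef int (*parse_fn)(unsigned char *, const char *, const char *);

/* Run one parser over one line in a fresh region and report whether the guard
 * word placed after the token buffer survived: 1 intact, 0 corrupted, -1 on OOM.
 * The region is a single allocation, so the overrun stays observable and
 * well-defined for the purposes of this demo. */
int guard_intact_after(parse_fn parse, const char *line, const char *key)
{
    unsigned char *region = calloc(REGION_SIZE, 1);
    if (!region)
        return -1;
    uint32_t guard = GUARD_OK;
    memcpy(region + GUARD_OFF, &guard, sizeof guard);
    parse(region, line, key);
    memcpy(&guard, region + GUARD_OFF, sizeof guard);
    free(region);
    return guard == GUARD_OK;
}

/* Constructed sample lines (not taken from any real grub.cfg): a benign
 * directive and an over-long one of the kind a root attacker could write. */
const char *SAMPLE_OK  = "set root=hd0,gpt2";
const char *SAMPLE_BAD = "set root="
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";   /* 64 bytes of 'A' */

int main(void)
{
    printf("benign line,   unchecked parser: guard %s\n",
           guard_intact_after(parse_value_unchecked, SAMPLE_OK, "set root") ? "intact" : "CORRUPTED");
    printf("overlong line, unchecked parser: guard %s\n",
           guard_intact_after(parse_value_unchecked, SAMPLE_BAD, "set root") ? "intact" : "CORRUPTED");
    printf("overlong line, checked parser:   guard %s\n",
           guard_intact_after(parse_value_checked, SAMPLE_BAD, "set root") ? "intact" : "CORRUPTED");
    return 0;
}
```

The point of the guard word is that nothing in the signature check protects it: Secure Boot verified the parser binary, but the data that drives the parser came from a file nobody signed, so a length check inside the parser is the only thing standing between a config edit and control of memory past the buffer.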
At the time, Palo Alto Networks published an advisory about BootHole's impact on its devices, saying that "this vulnerability is exploitable only when an attacker has already compromised the PAN-OS software and gained root Linux privileges on the device," and noting that "this is not possible under normal conditions."