**Eclysium**: [PANdora's Box: Vulnerabilities Found in NGFW](https://eclypsium.com/research/pandoras-box-vulns-in-security-appliances/ )
Eclysium evaluated three Palo Alto Networks appliances, finding known vulnerabilities ranging from "Boothole" (buffer overflow to RCE) and secure boot bypass to LogoFail, PixieFail, leaked keys bypass, etc. Elypsium provides a timeline with the most recent update requesting that they wait for a patch before going public with the details, but no estimated time of patch release.
#paloaltonetworks #panos #pixiefail #logofail #boothole #secureboot #panw #infosec #vulnerability #cve #cybersecurity
Not Simon 🐐
npub14g…xznd6
2025-01-23 16:24:39 UTC
Author Public Key
npub14g0mj0fmn0sepfuhp2wupyk7d8xyz7rezpmrx2gfsav9vxlwxypq4xznd6Seen on
wss://relay.momostr.pinkPublished at
2025-01-23 16:24:39 UTCEvent JSON
{
"id": "a23efae53905962e23699f01afcad3f67ba8cd487a495bc9f4dab13570e799cf",
"pubkey": "aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102",
"created_at": 1737649479,
"kind": 1,
"tags": [
[
"t",
"cve"
],
[
"t",
"panos"
],
[
"t",
"secureboot"
],
[
"t",
"panw"
],
[
"proxy",
"https://infosec.exchange/@screaminggoat/113878596316423539",
"web"
],
[
"t",
"boothole"
],
[
"t",
"pixiefail"
],
[
"t",
"infosec"
],
[
"t",
"vulnerability"
],
[
"t",
"cybersecurity"
],
[
"t",
"logofail"
],
[
"t",
"paloaltonetworks"
],
[
"proxy",
"https://infosec.exchange/users/screaminggoat/statuses/113878596316423539",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/screaminggoat/statuses/113878596316423539",
"pink.momostr"
],
[
"-"
]
],
"content": "**Eclysium**: [PANdora's Box: Vulnerabilities Found in NGFW](https://eclypsium.com/research/pandoras-box-vulns-in-security-appliances/ )\nEclysium evaluated three Palo Alto Networks appliances, finding known vulnerabilities ranging from \"Boothole\" (buffer overflow to RCE) and secure boot bypass to LogoFail, PixieFail, leaked keys bypass, etc. Elypsium provides a timeline with the most recent update requesting that they wait for a patch before going public with the details, but no estimated time of patch release. \n\n#paloaltonetworks #panos #pixiefail #logofail #boothole #secureboot #panw #infosec #vulnerability #cve #cybersecurity",
"sig": "6462dc75bbc84fb38f47f4d92fd3d46bf4b1027f20f7bfb42f9437e78e40a4c354584aff2877f26fcd99968ed7077318bf665a2c9ac842e32084219e664d3472"
}