It could, but you have to consider your threat model. Which is more of a risk: a PXE box with logging and other auditing mechanisms, and isn't exposed to the internet, or random data center ops people running around with USB drives doing who knows what?
There's also secure boot etc like the parallel comment said.
But yes, if you can pwn the bootstrap process of anything, you have a lot of power. That's been true since computers were invented.
There's also secure boot etc like the parallel comment said.
But yes, if you can pwn the bootstrap process of anything, you have a lot of power. That's been true since computers were invented.