SonicWall Warns of Critical Vulnerabilities in Firewall Management Software
SonicWall has issued an urgent warning to its customers regarding critical vulnerabilities in its Global Management System (GMS) firewall management and Analytics network reporting engine software suites. The company has released patches for a total of 15 security flaws, including four that have been rated as CRITICAL and can potentially bypass authentication, leading to unauthorized access to sensitive information.
The identified vulnerabilities can be found in on-prem systems running GMS 9.3.2-SP1 or earlier and Analytics 2.5.0.4-R7 or earlier.
The list of critical vulnerabilities that admins should promptly address by upgrading to GMS 9.3.3 and Analytics 2.5.2 includes:
- CVE-2023-34124: Web Service Authentication Bypass
- CVE-2023-34133: Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass
- CVE-2023-34134: Password Hash Read via Web Service
- CVE-2023-34137: CAS Authentication Bypass
Threat actors can remotely exploit these vulnerabilities without requiring user interaction, posing a significant risk to organizations. Successful exploitation of the flaws allows unauthorized access to data that would typically be inaccessible, potentially compromising other user information and manipulating or deleting data within the compromised application.
SonicWall strongly advises organizations using the affected GMS/Analytics On-Prem versions to upgrade immediately to the patched versions, namely GMS 9.3.3 and Analytics 2.5.2. By doing so, organizations can mitigate the risk of unauthorized access and protect their sensitive data.
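As an added example (not code from SonicWall or from the original article), the following Python helper turns the version boundaries quoted above into a triage check an administrator can run against an inventory of on-prem GMS and Analytics installations. It assumes version strings follow the shape used in the advisory (dotted numbers with an optional -SP<n> or -R<n> suffix) and that a suffixed build sorts after the bare release it patches but before the next release; both are assumptions about SonicWall's versioning, not statements from the advisory.

```python
import re
from typing import Dict, Tuple

# Version boundaries as quoted in the advisory summary above.
ADVISORY = {
    "GMS": {"last_affected": "9.3.2-SP1", "fixed": "9.3.3"},
    "Analytics": {"last_affected": "2.5.0.4-R7", "fixed": "2.5.2"},
}

# Assumed grammar: dotted integers, optional "-SP<n>" (service pack) or "-R<n>" (release) suffix.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(?:SP|R)(\d+))?$", re.IGNORECASE)

# Ordering key: (padded numeric components, suffix number). Assumption: 9.3.2 < 9.3.2-SP1 < 9.3.3.
VersionKey = Tuple[Tuple[int, ...], int]


def parse_version(version: str) -> VersionKey:
    """Parse a GMS/Analytics-style version string into a sortable key."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    # Pad to four components so 9.3.2 and 2.5.0.4 compare on the same shape.
    numbers = numbers + (0,) * (4 - len(numbers))
    suffix = int(match.group(2)) if match.group(2) else 0
    return numbers, suffix


def status(product: str, version: str) -> str:
    """Return 'affected', 'patched', or 'not-covered' for an installed version.

    'not-covered' means the version lies between the last listed affected build
    and the fixed release (e.g. a hypothetical 9.3.2-SP2), so the advisory text
    alone does not settle it and the vendor should be consulted.
    """
    bounds = ADVISORY[product]
    key = parse_version(version)
    if key <= parse_version(bounds["last_affected"]):
        return "affected"
    if key >= parse_version(bounds["fixed"]):
        return "patched"
    return "not-covered"


def triage(inventory: Dict[str, Tuple[str, str]]) -> Dict[str, str]:
    """Map hostname -> status for an inventory of (product, version) pairs."""
    return {host: status(product, version) for host, (product, version) in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative only.
    sample = {
        "gms-01.example.internal": ("GMS", "9.3.2-SP1"),
        "gms-02.example.internal": ("GMS", "9.3.3"),
        "analytics-01.example.internal": ("Analytics", "2.5.0.4"),
        "analytics-02.example.internal": ("Analytics", "2.5.2"),
    }
    for host, result in triage(sample).items():
        print(f"{host}: {result}")
```

The check treats anything at or below the last listed affected build as vulnerable and anything at or above the fixed release as patched; a version that falls between the two is reported separately rather than silently assumed safe.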
No public reports of proof of concept (PoC) exploit code or active exploitation of these vulnerabilities have been detected prior to their disclosure and patching by SonicWall PSIRT. However, it is essential for organizations to remain proactive in securing their systems, given the history of SonicWall appliances being targeted in ransomware and cyber-espionage attacks.
SonicWall’s products are widely used by over 500,000 business customers across 215 countries and territories, including government agencies and major corporations globally. The company’s prompt response in addressing these critical vulnerabilities demonstrates its commitment to ensuring the security and protection of its customers’ valuable data. Organizations are strongly advised to apply the necessary patches and keep their systems up to date to safeguard against potential risks.
Source: bleepingcomputer.com