Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

SonicWall Patches Critical Vulnerabilities in GMS, Analytics Products

SonicWall patches four critical-severity vulnerabilities in its Global Management System (GMS) and Analytics products.

SonicWall on Wednesday announced patches for 15 vulnerabilities in its Global Management System (GMS) and Analytics products, including four critical-severity issues.

GMS is a web-based application for the management and monitoring of SonicWall firewall appliances, while Analytics is a management and reporting engine.

The four critical-severity bugs addressed this week could be exploited to bypass authentication, potentially leading to the exposure of sensitive information.

Two of the flaws, tracked as CVE-2023-34133 and CVE-2023-34134 (CVSS score of 9.8), are described as unauthenticated SQL injection and password hash exposure issues, respectively.

The remaining two, CVE-2023-34124 and CVE-2023-34137 (CVSS score of 9.4), are described as a web service authentication bypass and a CAS authentication bypass, respectively.

Of the remaining flaws, four are high-severity vulnerabilities, while the other seven have a severity rating of ‘medium’.

Advertisement. Scroll to continue reading.

“The suite of vulnerabilities allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application’s content or behavior,” SonicWall notes in an advisory.

All 15 flaws were patched in GMS version 9.3.3 and Analytics version 2.5.2.

SonicWall, which has credited NCC Group for reporting these flaws, says there are no workarounds available for any of them. Organizations using GMS and Analytics are advised to update to a patched release as soon as possible.

The company also notes that it is not aware of any of these vulnerabilities being exploited in the wild, nor of proof-of-concept (PoC) exploits being made public. However, bugs in SonicWall appliances have been exploited in malicious attacks before.

Related: Custom Chinese Malware Found on SonicWall Appliance

Related: SonicWall Warns of Critical GMS SQL Injection Vulnerability

Related: SonicWall Patches Unauthorized Access Vulnerability in SMA Appliances

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.