SonicWall on Wednesday announced patches for 15 vulnerabilities in its Global Management System (GMS) and Analytics products, including four critical-severity issues.
GMS is a web-based application for the management and monitoring of SonicWall firewall appliances, while Analytics is a management and reporting engine.
The four critical-severity bugs addressed this week could be exploited to bypass authentication, potentially leading to the exposure of sensitive information.
Two of the flaws, tracked as CVE-2023-34133 and CVE-2023-34134 (CVSS score of 9.8), are described as unauthenticated SQL injection and password hash exposure issues, respectively.
The remaining two, CVE-2023-34124 and CVE-2023-34137 (CVSS score of 9.4), are described as a web service authentication bypass and a CAS authentication bypass, respectively.
Of the remaining flaws, four are high-severity vulnerabilities, while the other seven have a severity rating of ‘medium’.
“The suite of vulnerabilities allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application’s content or behavior,” SonicWall notes in an advisory.
All 15 flaws were patched in GMS version 9.3.3 and Analytics version 2.5.2.
SonicWall, which has credited NCC Group for reporting these flaws, says there are no workarounds available for any of them. Organizations using GMS and Analytics are advised to update to a patched release as soon as possible.
The company also notes that it is not aware of any of these vulnerabilities being exploited in the wild, nor of proof-of-concept (PoC) exploits being made public. However, bugs in SonicWall appliances have been exploited in malicious attacks before.
Related: Custom Chinese Malware Found on SonicWall Appliance
Related: SonicWall Warns of Critical GMS SQL Injection Vulnerability
Related: SonicWall Patches Unauthorized Access Vulnerability in SMA Appliances
More from Ionut Arghire
- Generative AI Startup Nexusflow Raises $10.6 Million
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
- Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers
- FBI Warns Organizations of Dual Ransomware, Wiper Attacks
- Lumu Raises $30 Million for Threat Detection and Response Platform
- Cisco Warns of IOS Software Zero-Day Exploitation Attempts
- Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
